I have a question about the default Laravel Remember Me option below the login form. I use the default built-in LoginController
.
When I read the Laravel documentation, then I read about the Remember option:
"which will keep the user authenticated indefinitely, or until they manually logout"
Ok. Now I do a test:
How is that possible? What is the difference?
Clicking the “Remember Me” box tells the browser to save a cookie so that if you close out the window for the site without signing out, the next time you go back, you will be signed back in automatically.
The Remember Me feature allows the client-side users to automatically remember their user login details as they regularly visit the website. In most cases, the user login information is store in the form of a cookie.
Remember-me or persistent-login authentication refers to web sites being able to remember the identity of a principal between sessions. This is typically accomplished by sending a cookie to the browser, with the cookie being detected during future sessions and causing automated login to take place.
Remembering Users If you would like to provide "remember me" functionality in your application, you may pass a boolean value as the second argument to the attempt method, which will keep the user authenticated indefinitely, or until they manually logout.
If you use remember me, Laravel puts cookie with token that is used to log you in next time you visit the page (in case you are somehow logged out I will explain later).
Laravel by default uses session that is valid for 2 hours (you can set this up in config), so if you close your browser while logged in and then attempt to open same browser again in window of 2 hours server will not notice the change.
"Log out somehow"
To answer your question "whats the difference?":
If you use remember me, Laravel will set cookie with token that is used instead of credentials (name:password combination) while logging in, and the process is invisible for user.
If you do not use remember me, you can be signed in only for 2 hours (or whatever is set in config file) without action. The fact that browser keeps session information even after its closed is considered as feature of the browser).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With