Laravel: difference between login with and without Remember Me option?

Question

I have a question about the default Laravel Remember Me option below the login form. I use the default built-in LoginController. When I read the Laravel documentation, then I read about the Remember option:

"which will keep the user authenticated indefinitely, or until they manually logout"

Ok. Now I do a test:

• I uncheck the Remember Me checkbox, and I login. Then I close the browser. I open my browser and goto my app: I am still logged-in.
• Then I select the checkbox Remember Me, log in, close browser, open browser: exactly the same result: I am still logged-in....

How is that possible? What is the difference?

Answer 1

If you use remember me, Laravel puts cookie with token that is used to log you in next time you visit the page (in case you are somehow logged out I will explain later).

Laravel by default uses session that is valid for 2 hours (you can set this up in config), so if you close your browser while logged in and then attempt to open same browser again in window of 2 hours server will not notice the change.

"Log out somehow"

• well obviously by clicking logout in application
• clearing up browser cache by browser itself or by 3rd party program
• using different browser (this is just for clarification)
• using incognito mode (this is just for clarification)
• using different computer and browser without sync feature (this is for clarification)

---

To answer your question "whats the difference?":

If you use remember me, Laravel will set cookie with token that is used instead of credentials (name:password combination) while logging in, and the process is invisible for user.

If you do not use remember me, you can be signed in only for 2 hours (or whatever is set in config file) without action. The fact that browser keeps session information even after its closed is considered as feature of the browser).