This is from the documentation:
If you would like to provide "remember me" functionality in your application, you may pass a boolean value as the second argument to the attempt method, which will keep the user authenticated indefinitely, or until they manually logout. Of course, your users table must include the string remember_token column, which will be used to store the "remember me" token.
Now, notice how it states 'indefinitely'. If the second argument for attempt() is false, then I believe it defaults to the configuration files (see: config/session).
You'll see two options in
'lifetime' => 120 // 2 hours,
'expire_on_close' => false // dont delete session on browser close.