Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

ixudra's avatar

Auth remember_me token does not work

Hi, I'm trying to use the remember_me feature to allow users to authenticate using the token. Everything works fine when I select the checkbox:

  • login with token
  • close browser without logging out
  • go to website - still logged in - OK!!

Everything also works fine when manually logging out

  • login with token
  • manually log out
  • close browser
  • go to website - not logged in - OK!!

The problem is when I log in without the token. For some reason, the use is still authenticated, even after I close the browser.

  • login without token
  • close browser without logging out
  • go to website - still logged in - NOT OK!!

I'm using the default Laravel implementation, nothing special there. So that makes me wonder - is this normal behavior? Or am I not doing something here?

<?php namespace App\Http\Controllers\Auth;


use Illuminate\Contracts\Auth\Guard;
use Illuminate\Contracts\Auth\Registrar;
use Ixudra\Core\Http\Controllers\BaseController;
use App\Http\Requests\Auth\LoginFormRequest;

use App;

class AuthController extends BaseController {

    public function __construct(Guard $auth, Registrar $registrar, AuthViewFactory $authViewFactory)
    {
        $this->auth = $auth;
        $this->registrar = $registrar;

        $this->authViewFactory = $authViewFactory;
    }

    public function processLogin(LoginFormRequest $request)
    {
        if( $this->auth->attempt( $request->only('email', 'password'), $request->getInput()['remember'] ) ) {
            $redirect = 'index';
            if( $this->auth->user()->isAdmin() ) {
                $redirect = 'admin.index';
            }

            return $this->redirect($redirect, array(), 'success', array(trans('authentication.login.success')));
        }

        return $this->redirect('login', array(), 'error', array(trans('authentication.login.dataIncorrect')));
    }

    public function logout()
    {
        $this->auth->logout();

        return $this->redirect('index', array(), 'success', array(trans('authentication.logout.success')));
    }

}
0 likes
4 replies
pmall's avatar

What do you mean by with/without the token ?

ixudra's avatar

with token = with the remember me checkbox checked in the login form

without token = without the remember me checkbox checked in the login form

pmall's avatar

If you get back to the website after a short period of time the session is still active, but after a while the session would have expired.

ixudra's avatar

@pmall that's what I expected. I assume there is no way to force this since there is no way to detect when a user leaves the site - or not at least to my knowledge..

Thx for the confirmation at least

Please or to participate in this conversation.