Auth::login() vs Auth::attempt()

there is no difference, the attempt method calls the login method with the user as parameter

Check the source code if you want on github

So Attempt by it self does not login the user in, it just attempts to find a user in the database with the credentials, and then call login with the found user

@kappa Attempt basically tries logging the user in with credentials, where login is just logging in the user without checking credentials.

If you are passing username/password... use attempt.

If you are impersonating a user or logging them in post-SSO or after social login... use login.

Hello @kappa

"Attempt" we use for manually authenticating a user, this attempt method accepts an array of key/value pairs as its first argument. The values in the array will be used to find the user in your database table. this method will return true if authentication was successful. Otherwise, false will be returned.

btw you in attempt method you can pass additional parameters e.g active = ture, email_verified_at not null and remember user

if (Auth::attempt(['email' => $email, 'password' => $password], $remember)) {
    // The user is being remembered...
}

and Login() is for making authenticate a user instance if you need to log an existing user instance into your application, you may call the login method with the user instance

Auth::login($user);

// Login and "remember" the given user...
Auth::login($user, true);

like @fylzero and @a4ashraf explained

attempt fetch the right user from the db using its credentials and any extra fields, and then call the login method login do the actual work of creating the session and the setting the remember me token.

so if you already have a user instance, you can skip attempt and directly call login