Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Edit: I am using laravel 6 built-in authentication system with "remember me" enabled. Although remember cookie is set to expire in 5 years, and is supposed to automatically log me in, i am randomly logged out. When i check, i see the cookie is deleted on client side too. So what is the cause and how to fix that? I would suspect it was browser issue but remember me on other sites work well.
Remember_token and session are two different things. If you have a remember token it will help in filling the form but you still get a session when you login and after some time session will logout
You can set this time in the .env file
SESSION_LIFETIME=120
It's defined in minutes
So, is the only way to keep logged in forever to increase that value? The purpose of remember_token is to login users automatically. What is the purpose of it, if it gets removed when session expires?
Remember me is not valid if you manually logged out It will be valid only if you closed your browser or your session expired then you will be logged in automatically without need to enter your credentials again.
From laravel documentation:
keep the user authenticated indefinitely or until they manually logout. Your users table must include the string remember_token column, which will be used to store the "remember me" token.
i never said i manually logged out. Of course, i know that is how "remember me" is supposed to work. It is just remember_token disappears randomly and doesn't work as expected to keep me logged in forever, even thogh cookie on the client side ise set to expire in 5 years.
So something is writing to the database table and setting the token to null?
remember_token disappears randomly
unlikely
More likely, the user also logs in from another device where they do not have the remember me checkbox ticked.
So where is the code that does it, and how can i fix that?
That is specific to your codebase which means that someone implemented it. Either search for that "feature" and disable it. Or if you can't find it, and I have to guess, try removing current vendor folder and run composer install. Maybe someone changed it directly in the vendor directory which is pretty bad.
Updated OP. I set session lifetime to 1 minute. But the system still keeps me logged in for a few hours or a day. And after that time, i find myself logged out and find the cookie deleted on client side. Previously when i created this topic i found token deleted on database, but it doesnt happen again (might be a bug or a mistake). Now i tried 3 times and it is just i found cookie is being deleted on client side. So i cant figure out why cookie is being deleted randomly.
Perhaps you have cookies set with expire_on_close set to true (check config.session.php)
Nope, it was false by default. I tried again, and could stay logged in for 2 days. But just now it logged me out again. So even though cookie is set to expire in 5 years, it seem to last at most 2 days. So far nothing works. I thinks this is a bug in laravel 6. Because i remember i had the same problem on different laravel apps and devices, but never paid attention and proceeded to login.
It really looks like something is either wrong with your local setup (browser) or with your server configuration. I cannot replicate your problem. When I check remember me, I'll stay logged in forever (i.e. 5 years). The session lifetime shouldn't have anything to do with it. Have you tried a different browser?
Please or to participate in this conversation.