Level 122
sessions and being authenticated are not the same thing. Sending even the login page to a visitor will create a session.
If the user is actually logged in, then remove the remember_me value from the users table
1 like
Mar 30, 2025
3
Level 7
why deleting sessions from database wont log user out
I'm using database driver for sessions and when I delete sessions from database, it will be recreated when user refreshes the page, why it doesn't make them logged out?
Level 7
@Snapey what remember_me actually contains? how one remember_me value can login/have relation with multiple sessions
1 like
Level 122
its a randomized string
the remember me value is stored in a cookie on the client. When the user starts a new session on the server it sends the cookie. If the contents of the cookie can be found in the users, then that user is immediately authenticated.
1 like
Please or to participate in this conversation.