Why does an expired session re-authenticate instead of show a login form?

If I have a session expiry set for 120 minutes (the default) and a user leaves their browser idle for over 120 minutes and then clicks a link on the page, their session appears to be regenerated rather than showing the user a login form again. How do I fix this behaviour to show the login form when the session has expired?

I don't know what version of Laravel has changed this behaviour but I know for a fact that some of my older applications built with older Laravel versions do not operate this way. I should be able to truncate the session table in my database to force everyone to logout but that is no longer the case either.

Edit: Derp... I forgot it's because of the remember token. If a user doesn't sign in with the remember me checkbox then this works as it should.

Solved. Ignore thread.