Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

nikunj-gw's avatar

How Auth::viaRemember() is working?

There is very little documentation about Auth::viaRemember(). In the "Remembering users" section of Laravel.com 7.x documentation about authentication, only the following is written:

If you are "remembering" users, you may use the viaRemember method to determine if the user was authenticated using the "remember me" cookie"

And the documentation of 8.x has no mention of this viaRemember() function! It is really confusing how to use it.

There are 3 tables for 3 different types of users, and separate providers and guards are used in my application. I am able to save the remember_token in the users' tables , but then how to authenticate / login them with the remembered cookie?

  • Where/when the Auth::viaRemember() function should be called?
  • What about guard when calling this function? Do I need to call Auth::guard('admin')->viaRemember(), then Auth::guard('customer')->viaRemember(), then Auth::guard('franchise')->viaRemember() to check for all the 3 user types? How would I know that for which user type/guard the cookie is set?
  • Presently I have called this function in the __construct() function of a common (for all types of users) AuthController. The function is always returning false whether I statically supply a guard or omit the guard.
  • I also tried placing Auth::check() and Auth::guard('customer')->check() before calling Auth::viaRemember() function (as per suggestions in some StackOverflow answers).
0 likes
3 replies
mabdullahsari's avatar

You don't have to do anything? The StatefulGuard will do the heavy lifting for you behind the scenes i.e. fall back to the remember me token if the user's session has expired. viaRemember() is a function which only determines if the user's current session started using such a token (returns a boolean in other words) and beyond that it serves no purpose.

It is useful when you want someone to re-enter the password when accessing a sensitive area such as a profile page for example.

nikunj-gw's avatar

Ok. I understood. Many thanks.

Now the problem is - when logging in, I am saving some information in session. And I am checking in a middleware (which is used to guard the pages after login) that whether the info is available in session or not, and the info is not available in the middleware if user was logged in by Laravel using the remember cookie. (If the info is not available then I am redirecting to the login page.) What this means is - Laravel isn't restoring all session data. Auth::check() is returning true in the middleware but session info isn't available. So, what is happening is - (1) when login page is accessed and remember cookie is set, Laravel is logging in using the cookie and redirecting to the dashboard page (the page after successful login), (2) now the middleware is executed and checks for the session info, and as the session info is not found, user is redirected to the login page .... the infinite loop between (1) and (2) continues!

So, what to do to restore session data? Or there is a bug in Laravel? Or it is intended for some valid reason?

Snapey's avatar
Snapey
4 years ago
Best Answer
Level 122

You can listen for the authenticated event and set your session data there

Please or to participate in this conversation.