Back

How to disable remember token?


On each logout i get error that 'remember_token' not exist. But i dont use remember me feature, on login it is disabled. Is there simple way to turn off it on logout?

atrakeur replied 3 years ago

There is no simple way to do that (appart from rolling back to a pre-4.1.25 laravel.

What about just modify your user table to include a remember_token field? If you create a new migration to alter table, you'll avoid data loss on your production website.

If it does not correct the problem, please post the exact whole error.

barryvdh replied 3 years ago

http://laravel.com/docs/upgrade

trololosha4real replied 3 years ago Solution

atrakeur said:

There is no simple way to do that (appart from rolling back to a pre-4.1.25 laravel.

What about just modify your user table to include a remember_token field? If you create a new migration to alter table, you'll avoid data loss on your production website.

If it does not correct the problem, please post the exact whole error.

The problem is that I create a web interface for existing desktop program, which uses this db. If i modify something in that db the main program could "blow"... For small things i use own local db, but for auth i need to use remove, which cant edit... For now just EloquentUserProvider class and overrided the updateRememberToken method.

martinstoeckli replied 3 years ago

It would be nice, if the Auth facade would offer a property to enable/disable the remember token. If a website does not intend to use this feature, it should not be necessary to to all the stuff anyway. I found a relatively easy circumvention of the remember functionallity and could not see any security problems, as long as you do not offer to set the remember token in your app:

class User extends BaseModel implements UserInterface, RemindableInterface
{
  ...
  public function getRememberToken()
  {
    return null; // not supported
  }

  public function setRememberToken($value)
  {
    // not supported
  }

  public function getRememberTokenName()
  {
    return null; // not supported
  }

  /**
   * Overrides the method to ignore the remember token.
   */
  public function setAttribute($key, $value)
  {
    $isRememberTokenAttribute = $key == $this->getRememberTokenName();
    if (!$isRememberTokenAttribute)
    {
      parent::setAttribute($key, $value);
    }
  }
  ...
BlackMetalz replied 3 years ago

martinstoeckli said:

It would be nice, if the Auth facade would offer a property to enable/disable the remember token. If a website does not intend to use this feature, it should not be necessary to to all the stuff anyway. I found a relatively easy circumvention of the remember functionallity and could not see any security problems, as long as you do not offer to set the remember token in your app:

class User extends BaseModel implements UserInterface, RemindableInterface
{
 ...
 public function getRememberToken()
 {
   return null; // not supported
 }

 public function setRememberToken($value)
 {
   // not supported
 }

 public function getRememberTokenName()
 {
   return null; // not supported
 }

 /**
  * Overrides the method to ignore the remember token.
  */
 public function setAttribute($key, $value)
 {
   $isRememberTokenAttribute = $key == $this->getRememberTokenName();
   if (!$isRememberTokenAttribute)
   {
     parent::setAttribute($key, $value);
   }
 }
 ...

Thanks Problem solved. I don't need to add column remember_token in database anymore :)

cmgabriel replied 2 years ago

Thanks it helped.

stevengiraldo replied 2 years ago

Thanks, it solved my problem too. (Laravel 5.1)

hakeemtunde replied 1 year ago

also helps, thanks Laravel 5.2

eljay16 replied 1 year ago

martinstoeckli said:

  /**
   * Overrides the method to ignore the remember token.
   */
  public function setAttribute($key, $value)
  {
    $isRememberTokenAttribute = $key == $this->getRememberTokenName();
    if (!$isRememberTokenAttribute)
    {
      parent::setAttribute($key, $value);
    }
  }

This works on Laravel 5.3 as well thank you!

troccoli replied 6 months ago

This is exactly what I wanted. We are eventually going to implement the "Remember me" feature, so I just wanted a quick way to disable it in the meantime.

It works on 5.4.23 too


Sign in to participate in this thread!



We'd like to thank these amazing companies for supporting us