Hi guys,
I'm having an issue with several browsers and the remember me using the cookie driver in sessions.
If a user logs in and cheks the remember me option in chrome and then on firefox the remember me token is the same for both. That is not a problem.
The problem is that if you logs out in one of the browsers (for example firefox) the other one (chrome) will have a invalid remember token because the token is updated when a login happens.
Is there a way to over come this? The user should keep the valid login in chrome.
Thanks
I don't know whats your app is about but usually clients only use one browser.
I don't think this is currently possible, without extending/changing the Guard class. This is done for security reasons, so that a user can't stay logged in forever.
It would require saving cookie on user's computer or validation via IP or something like that. That would be vulnerably, not a smart idea.
Cookies are always saved on the users computer ;) But to be clear, the OP doesn't want to share his session betweens browsers, he just doesn't want all 'remember me' sessions to be clear when logging out from one of them.
Since the remember_token is saved in the users table by default, you would have to refactor how the session is validated. Typically, this token is saved in the cookie in the browser. When the user visits, the Auth class looks at the cookie, and checks if it is found in the user table. Then logs them in automatically.
You would have to add a remember_token table probably with a one user to many remember_token relationship. Then each user that checks the remember me could create multiple tokens. You would need to make sure you take care of garbage collection on older sessions.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast