Laravel remember me is always on

Question

I am using Laravel 4.2 and I want to let users decide if they want their login to be remembered on their PC or not. So my login form looks like this:

enter image description here

When you tick the checkbox, the post fields will have 'remember_me' => 'on'. The form posts to a named route called sessions.store which is handled like so:

public function store()
{
    // Capture input data
    $input = Input::only('email', 'password');

    // Validate input
    $this->loginForm->validate($input);

    // Login user
    if (Auth::attempt($input, (Input::get('remember_me') == 'on')))
        return Redirect::intended('/');

    // Login error
    return Redirect::back()->withInput()->withFlashError('Invalid portal account credentials provided');
}

For some reason, laravel keeps the user logged in (i.e. you close the browser completly and re-open it and you don't have to login, you are already logged in), even if they have not ticked the checkbox.

Any idea why this might be?

Update

This is my sessions/create.blade.php: http://pastebin.com/raw.php?i=MbrLgg6Y

This is my javascript checkbox helper: http://pastebin.com/raw.php?i=R8mNrj3s

Could just need strict equals in the remember me comparison: `Input::get('remember_me') === 'on'` — mopo922, Dec 16 '14 at 17:29
I don't see any issues with your code. Maybe the issue lies in your controller or routes. Can you show us the related code for your route and route controller? — Patrick Stephan, Jan 14 '15 at 15:10

score 4 · Answer 1 · answered Mar 25 '15 at 14:43

4

Try changing expire_on_close to true in config/session.php. Laravel should clear the session when you close the browser.

answered Mar 25 '15 at 14:43

Alex

196
1
6

doesn't help... – askobar Mar 14 '22 at 05:29

score 0 · Answer 2 · answered Dec 16 '14 at 16:59

0

Are you sure remember me is a checkbox? It looks like part of the submit button in your screenshot so you could be triggering it regardless.

Easiest way to tell is to put dd(Input::get('remember_me')) in your controller and see if you still get 'on' when you don't tick the remember box.

answered Dec 16 '14 at 16:59

fire

21,383
17
79
114

1

See updated question with blade view source and js. It is a checkbox. When I use `dd(Input::get('remember_me') == 'on')` in the `sessions.store` method, i get `true` when it's checked and `false` when it's not checked. So, this is not the problem. – Latheesan Dec 17 '14 at 08:44
It must be something else in your code then, maybe your calling Auth::attempt somewhere else as well, there is nothing wrong with your store method. – fire Dec 17 '14 at 09:48
1

This is the only place I am calling `Auth::attempt()`. – Latheesan Dec 17 '14 at 11:46

Laravel remember me is always on

2 Answers2