When I use laravel 5 Auth
if (Auth::attempt($auth,true)) {
// Check pass...
}
to login ,database will keep the remeber_token untill I do
Auth::logout() ,
1.how to clean the remeber_token when I close the browse?
2.how to set the remeber_token alive time?
Thanks.
martinstoeckli said:
It would be nice, if the Auth facade would offer a property to enable/disable the remember token. If a website does not intend to use this feature, it should not be necessary to to all the stuff anyway. I found a relatively easy circumvention of the remember functionallity and could not see any security problems, as long as you do not offer to set the remember token in your app:
class User extends BaseModel implements UserInterface, RemindableInterface
{
...
public function getRememberToken()
{
return null; // not supported
}
public function setRememberToken($value)
{
// not supported
}
public function getRememberTokenName()
{
return null; // not supported
}
/**
* Overrides the method to ignore the remember token.
*/
public function setAttribute($key, $value)
{
$isRememberTokenAttribute = $key == $this->getRememberTokenName();
if (!$isRememberTokenAttribute)
{
parent::setAttribute($key, $value);
}
}
...
You can refer this link http://laravel.io/forum/05-21-2014-how-to-disable-remember-token
You can't do anything when browser closing, because for doing something, some PHP script must be executed. Other words you can't doing anything till you call some url on your website.
Did you try set expire_on_close to true in config/session.php?
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 120,
'expire_on_close' => true,
