4

I am new to MVC. Can anyone tell me where the function for remember_token is written in Laravel? I looked in Blueprint and found this function:

```php
public function rememberToken()
{
    return $this->string('remember_token', 100)->nullable();
}
```

which is just a function to define a field in the database. I also looked in Contracts/Auth/Authenticatable.php, but there I also found only a bunch of interface methods defined, along with getRememberToken and setRememberToken, as:

```php
interface Authenticatable
{
    public function getRememberToken();
    public function setRememberToken($value);
    public function getRememberTokenName();
}
```

Where is the actual function written for generating the token that is saved in the database? Can anyone tell me, please? And can I implement a similar function in CodeIgniter?

danronmoon
Tekraj Shrestha
  • I would recommend you read about interfaces, traits, inheritance and abstraction in OO PHP first. You will become more familiar with the concept. – Tpojka May 08 '17 at 10:58
  • The [ResetsPasswords](https://github.com/laravel/framework/blob/5.3/src/Illuminate/Foundation/Auth/ResetsPasswords.php#L105) trait seems to just generate a random string of 60 characters. The idea is that the user will have a cookie that will match the token stored in the database, and since it's a long random string other users can't guess what it is. – apokryfos May 08 '17 at 12:42
  • @apokryfos yeah, but which function stores the remember_token in the database? – Tekraj Shrestha May 10 '17 at 05:45

2 Answers

3

The remember token in Laravel is created when needed (e.g. when a user registers and clicks the "remember me" button). When that happens, the default scaffolding is to call upon the AuthenticatesUsers::attemptLogin method:

```php
protected function attemptLogin(Request $request)
{
    return $this->guard()->attempt(
        $this->credentials($request), $request->has('remember')
    );
}
```

The default guard accepts 2 parameters in the "attempt" method (however, the actual Guard interface does not actually require an attempt method to exist at all; this is all just default Laravel scaffolding).

For example, the SessionGuard has the following attempt method:

```php
public function attempt(array $credentials = [], $remember = false)
{
    $this->fireAttemptEvent($credentials, $remember);
    $this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);

    if ($this->hasValidCredentials($user, $credentials)) {
        $this->login($user, $remember);
        return true;
    }

    $this->fireFailedEvent($user, $credentials);
    return false;
}
```

Which in turn calls on login (again, not part of the Guard interface, just the Laravel scaffolding). If you keep following the call sequence it just boils down to:

```php
protected function cycleRememberToken(AuthenticatableContract $user)
{
    $user->setRememberToken($token = Str::random(60));
    $this->provider->updateRememberToken($user, $token);
}
```

Followed by:

```php
protected function queueRecallerCookie(AuthenticatableContract $user)
{
    $this->getCookieJar()->queue($this->createRecaller(
        $user->getAuthIdentifier().'|'.$user->getRememberToken()
    ));
}
```

Presumably to store the remember token in a (probably encrypted) cookie and use it to automatically log in the user later.

Just to point out that Laravel is open source and this whole process of going through the source code is something you can do by yourself whenever you need details about implementation.

apokryfos
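The flow traced in the answer above (a random token saved on the user row, `id|token` sent in a cookie, then compared on a later request), as an added example in plain PHP that could be adapted to CodeIgniter. It is not Laravel's code and not part of the original answer; the function names and the in-memory `$users` array standing in for the users table are assumptions.

```php
<?php
// Added example: framework-independent sketch of the remember-me flow.
// $users is a constructed in-memory stand-in for the users table.
$users = [
    7 => ['email' => 'alice@example.test', 'remember_token' => null],
];

// Called at login when "remember me" is ticked (hypothetical helper name).
function issueRememberCookie(array &$users, int $userId): string
{
    // 30 bytes from the CSPRNG, hex-encoded to a 60-character token.
    $token = bin2hex(random_bytes(30));
    $users[$userId]['remember_token'] = $token;   // persist on the user row
    return $userId . '|' . $token;                // cookie value: "id|token"
}

// Called on a later request that has no session but carries the cookie.
function userFromRememberCookie(array $users, string $cookie): ?int
{
    $parts = explode('|', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || $parts[1] === '') {
        return null;                              // malformed cookie
    }
    [$id, $token] = [(int) $parts[0], $parts[1]];
    $stored = $users[$id]['remember_token'] ?? null;
    // A null or empty stored token must never match; compare in constant time.
    if (!is_string($stored) || $stored === '' || !hash_equals($stored, $token)) {
        return null;
    }
    return $id;
}

// Called at logout: rotating the token invalidates any cookie already issued.
function revokeRememberToken(array &$users, int $userId): void
{
    $users[$userId]['remember_token'] = bin2hex(random_bytes(30));
}

$cookie = issueRememberCookie($users, 7);
var_dump(userFromRememberCookie($users, $cookie));    // valid cookie
var_dump(userFromRememberCookie($users, '7|guess'));  // wrong token
revokeRememberToken($users, 7);
var_dump(userFromRememberCookie($users, $cookie));    // cookie after logout
```

In an application the returned value would be sent with `setcookie()` using the `secure`, `httponly` and `samesite` options, and the array would be replaced by a query against the users table.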
-1

Yes, you can do this in CodeIgniter also.

Open your application/config/config.php:

```php
// Default $config['csrf_protection'] = FALSE; change and set TRUE

$config['csrf_protection'] = FALSE;
// Change it To
$config['csrf_protection'] = TRUE;

$config['csrf_token_name'] = 'csrf_token'; // The token name
$config['csrf_cookie_name'] = 'csrf_cookie_name'; // The cookie name
$config['csrf_expire'] = 7200; // The number in seconds the token should expire.
$config['csrf_regenerate'] = FALSE; // Regenerate token on every submission
$config['csrf_exclude_uris'] = array(); // Array of URIs which ignore CSRF checks
```

You can get the CSRF token name and value via the security class:

```php
$this->security->get_csrf_hash();
$this->security->get_csrf_token_name();
```

You can find this function in system/core/Security.php at lines 306 and 319.

ImBhavin95