-
Notifications
You must be signed in to change notification settings - Fork 213
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set remember me token expire date to 1 year #167
base: master
Are you sure you want to change the base?
Conversation
The expiration date is now hardcoded to 1 year, if a user would like to change this, he has no way of doing that. Perhaps it's a good idea to maybe add it to the config file or add a param to the Using config file in
|
I think I would prefer the config file version, this isn't something that needs to be set on a case by base bases so a config value should work fine. |
I agree, config would make more sense, I'll adjust the code. |
Hi, any update on this? |
Merge new commits into fork
I've occasionally run into this remember-token confusion. I hadn't investigated, but it looks like your proposal probably solves that. Thanks for that. One year is probably fine. Perhaps there's value in simply checking what the intended guard's "forever" length is set to, and using that? The default "forever" length for Laravel 9+ is 400 days (per standards). (Prior to that it was 5 years.): |
When you stop impersonating a user, the expire date of the remember token gets set to
session
.This means that when you close the browser and the session ends, the remember me token is gone, and the user has to log in again (that is if the Laravel session expired). Setting the remember me token to a date will keep the remember token when the browser closes, and the user will still be logged in.