问题
I've creating a working user/login system with the laravel 4 framework and all is working well.
However I'm always logged into the site unless I run the logout process. I would assume that if I login, close all browser windows and open the browser again I would be logged out. This is not the case.
In my Auth::attempt I am setting the $remember parameter to false even though it is false by default.
I have no idea why this is happening. If I logout, close all my browser windows then open them again I am NOT logged in. So this works fine. But if I'm logged in, close all my browsers then open the browser again I am already logged in. Even thought I have specified remember to be false.
What is keeping me logged in? Why does it always remember my login? I cannot find any information on this.
回答1:
Change
'expire_on_close' => false,
to
'expire_on_close' => true,
in /app/config/session.php.
Laravel isn't actually remembering you (you're not being authenticated again by your remember_token), problem is that you session cookie persists on browser close (since it hasn't expired) and Laravel sees you as a logged in user.
回答2:
I believe some browsers do this for you, not sure. Did you clear your browsing data / cookies after setting $remember to false and testing?
回答3:
What version you're on?
If below 4.1.26 than your answer is:
http://laravel.com/docs/upgrade#upgrade-4.1.26
Hope it will help!!! :G
来源:https://stackoverflow.com/questions/25183992/why-am-i-always-logged-in-even-after-closing-browser-with-remember-me-set-to-fal