Ensure that there is a remember_token column in the user table. Laravel's default migration already includes this field. If not, it will be added through migration; 2. Add a check box with name remember in the login form to provide the "Remember Me" option; 3. Pass the remember parameter to the Auth::attempt() method during manual authentication to enable persistent login; 4. "Remember Me" lasts for 5 years by default, and can be customized through the remember_for configuration item in config/auth.php; 5. Laravel automatically invalidates remember_token when password changes or user deletes. It is recommended to use HTTPS to ensure security in the production environment; 6. When the user logs out, he calls Auth::logout() and invalidates the session to ensure that remember_token is cleared; in summary, Laravel fully realizes the safe and reliable "Remember me" function through database fields, encryption cookies and built-in authentication mechanisms, and can be used normally by just correct configuration.

Implementing a "Remember Me" functionality in Laravel is straightforward because Laravel's built-in authentication system supports it out of the box. The "remember me" feature allows users to stay logged in for a longer period, even after closing the browser.

Here's how you can properly implement and use it:

1. Add a remember_token column to your User model

Laravel expects a remember_token column in the users table to support the "remember me" functionality.

If you're using the default Laravel user migration, this column is already included:

 // In create_users_table migration
$table->rememberToken(); // This adds remember_token VARCHAR(100) NULL

If you're adding it to an existing table or model, create a new migration:

 php artisan make:migration add_remember_token_to_users_table --table=users

Then in the migration file:

 public function up()
{
    Schema::table('users', function (Blueprint $table) {
        $table->rememberToken();
    });
}

public function down()
{
    Schema::table('users', function (Blueprint $table) {
        $table->dropRememberToken();
    });
}

Run the migration:

 php artisan migrate

2. Update your login form with a "Remember Me" checkbox

In your login form (eg, login.blade.php ), add a checkbox for "remember me":

 <form method="POST" action="{{ route(&#39;login&#39;) }}">
    @csrf

    <div>
        <label for="email">Email</label>
        <input id="email" type="email" name="email" value="{{ old(&#39;email&#39;) }}" required>
    </div>

    <div>
        <label for="password">Password</label>
        <input id="password" type="password" name="password" required>
    </div>

    <div>
        <input type="checkbox" name="remember" id="remember" {{ old(&#39;remember&#39;) ? &#39;checked&#39; : &#39;&#39; }}>
        <label for="remember">Remember Me</label>
    </div>

    <button type="submit">Login</button>
</form>

3. Modify the login logic to support "remember me"

If you're using Laravel Breeze, Jetstream, or Fortify, this is already handled. But if you're handling authentication manually (eg, in a custom LoginController ), you need to pass the remember option to the attempt method.

 use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

public function login(Request $request)
{
    $credentials = $request->validate([
        'email' => ['required', 'email'],
        'password' => ['required'],
    ]);

    $remember = $request->has('remember');

    if (Auth::attempt($credentials, $remember)) {
        $request->session()->regenerate();
        return redirect()->intended('/dashboard');
    }

    return back()->withErrors([
        'email' => 'The provided credentials do not match our records.',
    ]);
}

Note: The second parameter of Auth::attempt() is $remember , which, when true , tells Laravel to keep the user logged in indefinitely (until the token expires or is invalidated).

4. How long does "remember me" last?

By default, Laravel keeps the "remember me" login for 5 years . This is defined in the session configuration.

You can customize this by modifying the remember_for option in config/auth.php :

 'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\Models\User::class,
        'remember_for' => 31536000, // 1 year in seconds (optional)
    ],
],

?? Make sure to run php artisan config:cache in production after changing config files.

5. Security considerations

• The remember_token is stored in the database and as a secure, hashed cookie in the user's browser.
• Laravel automatically invalidates the token on password change or user deletion.
• Always use HTTPS in production to protect the remember-me cookie from being intercepted.

6. Logging out and clearing "remember me"

When a user logs out manually, Laravel invalidates the remember-me token by default. In your logout method:

 Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();

This ensures the "remember me" token is cleared from the database.

Summary

To enable "remember me" in Laravel:

• ? Ensure remember_token column exists in users table
• ? Add a remember checkbox in the login form
• ? Pass the remember flag to Auth::attempt()
• ? Handle logo properly to invalidate the token

Laravel handles the rest — storing tokens, validating them on future visits, and keeping users logged in securely.

Basically, it's simple to implement and robust by default.

The above is the detailed content of How to implement a 'remember me' functionality in Laravel. For more information, please follow other related articles on the PHP Chinese website!