Laravel: What is "remember_token" in the "users" DB table?
No. It's not supposed to be used to authenticate. It's used by the framework to help against Remember Me
cookie hijacking. The value is refreshed upon login and logout. If a cookie is hijacked by a malicious person, logging out makes the hijacked cookie useless since it doesn't match anymore.
Refer to this documentation:
https://laravel.com/docs/4.2/upgrade#upgrade-4.1.29
I had to add the remember_token
to my users table migration in order for Auth::logout()
to work properly.
Added remember_token
to my migrations as such.
<?php
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class CreateUsersTable extends Migration {
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
//
Schema::create('users', function(Blueprint $table)
{
$table->increments('id');
$table->string('lname', 32);
$table->string('fname', 32);
$table->string('username', 32);
$table->string('email', 320);
$table->string('remember_token', 100);
$table->string('password', 64);
$table->timestamps();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
//
Schema::drop('users');
}
}
From the command-line you the have to drop the users table, then migrate/seed.
Even if this an old question, I wanted to present an option not use the token if you don't need it (e.g. have no remember me option on your site).
Instead of adding a dummy column to your users table you can just prevent Auth::logout() from setting it.
Just add this to your User model (works as of Laravel 5.6):
public function save(array $options = array()) {
if(isset($this->remember_token))
unset($this->remember_token);
return parent::save($options);
}
This removes the 'remember_token' column just before the model gets saved and thus preventing an error to be risen because of the non-existant column.