Auth implementation details #46147
-
|
I have checked out a code of auth, regards Session Guard, when using "remember me" it writes to the cookie "recaller " three values: id, token and pwd hash. And my question is why it sends password hash to the browser and even don't use it anywhere ? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 3 replies
-
|
@yarosdev Can you provide some code or screenshots? |
Beta Was this translation helpful? Give feedback.
-
|
Here is |
Beta Was this translation helpful? Give feedback.
-
|
$user->getAuthPassword |
Beta Was this translation helpful? Give feedback.
-
|
The AuthenticateSession middleware compares the current hash with the hash from the cookie whenever the user was logged in via the recaller. |
Beta Was this translation helpful? Give feedback.
-
|
I got it, thank you |
Beta Was this translation helpful? Give feedback.
The AuthenticateSession middleware compares the current hash with the hash from the cookie whenever the user was logged in via the recaller.
framework/src/Illuminate/Session/Middleware/AuthenticateSession.php
Line 46 in 48afe79