-
Notifications
You must be signed in to change notification settings - Fork 11k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SessionGuard does not check remember_token column existence #16509
Comments
SessionGuard
does not check remember_token column existence
@Bennoz Why would |
My point is basically about the ease of use of this framework. The framework allows us to use a lot of defaults, and even checks whether we have a In Laracasts for example something said a lot is that if we don't need it, we can cut it out! But, when we do in fact cut this specific part out, we get an error only because of the |
https://github.com/laravel/framework/blob/5.3/src/Illuminate/Auth/SessionGuard.php#L578 Session Guard tries to set the remember token, without checking even if it exists or not. |
Well basically logging in by setting the $remember parameter to true in |
That is indeed what would happen when you pass the parameter, but, again I'm talking about default behaviour when using the |
@Bennoz Again, it is something you need to implement on your own. It's not an issue with the framework. Instead of criticizing the implementation, how about you create a pull request for inclusion into the framework. |
I unfortunately have no knowledge of both the pull requests and the internal workings of the framework. Anyway, if it's not an issue, then why would I? I'm merely pointing out an inconsistency within the use of the framework, which is from my (framework) user point of view. If this really is not an issue (and the error is therefore expected behaviour), I expect an authorised developer to close this. |
Fixing this is going to need breaking changes. It won't be an easy fix. |
Yeah i think 5.4 may the right one for this or this could go into 5.3 as well. But i feel that errors will happen when you are retrieving user details but are using |
Description:
SessionGuard->logout()
does not check whether a remember token field exists (logging out), whileAuthenticateUsers->attemptLogin()
does check by$request->has('remember')
.Default LoginController with AuthenticateUsers trait. The call to
AuthenticateUsers->logout()
will call$this->guard()->logout()
which calls$this->refreshRememberToken($user)
.This means an error will be thrown when logging out. The error is an SQL error (or sqlite etc.) saying the
remember_token
column does not exist.Steps To Reproduce:
Create a custom App/User and migration, without a 'remember me' token. Try logging out. Using default session guard etc. (mainly achieved by make:auth).
The text was updated successfully, but these errors were encountered: