EDIT : OP made clear he called Auth::logout()
properly, so answer is edited to include the "Real" answer.
Set lifetime
value in app/config/session/php
to 0
to make cookie clear on browser close.
Previous answer
This is the login
method in Illuminate\Auth\Guard
(Which is facaded to Auth
) class, which is eventually called by Auth::attempt()
.
source : http://laravel.com/api/source-class-Illuminate.Auth.Guard.html#263-291
public function login(UserInterface $user, $remember = false)
{
$id = $user->getAuthIdentifier();
$this->session->put($this->getName(), $id);
// If the user should be permanently "remembered" by the application we will
// queue a permanent cookie that contains the encrypted copy of the user
// identifier. We will then decrypt this later to retrieve the users.
if ($remember)
{
$this->queuedCookies[] = $this->createRecaller($id);
}
// If we have an event dispatcher instance set we will fire an event so that
// any listeners will hook into the authentication events and run actions
// based on the login and logout events fired from the guard instances.
if (isset($this->events))
{
$this->events->fire('auth.login', array($user, $remember));
}
$this->setUser($user);
}
It is clear that even though the cookie is set when $remember
is set to true
, the cookie itself is not cleared when $remember
is set to false or other non-truthy value.
The cookie is cleared when you call Auth::logout()
function.