I've creating a working user/login system with the laravel 4 framework and all is working well.
However I'm always logged into the site unless I run the logout process. I would assume that if I login, close all browser windows and open the browser again I would be logged out. This is not the case.
In my Auth::attempt I am setting the $remember parameter to false even though it is false by default.
I have no idea why this is happening. If I logout, close all my browser windows then open them again I am NOT logged in. So this works fine. But if I'm logged in, close all my browsers then open the browser again I am already logged in. Even thought I have specified remember to be false.
What is keeping me logged in? Why does it always remember my login? I cannot find any information on this.
Change
'expire_on_close' => false,
to
'expire_on_close' => true,
in /app/config/session.php.
Laravel isn't actually remembering you (you're not being authenticated again by your remember_token), problem is that you session cookie persists on browser close (since it hasn't expired) and Laravel sees you as a logged in user.