Laravel Remember Me Changes
Published on by Eric L. Barnes
An old Laravel security vulnerability was brought back to life today and the issue reported was fixed 7 months ago and is not an issue currently. You can see the change here to confirm the strict equality check.
This did bring up some unrelated issues with the remember me functionality and it will require you to add a new column to your “users” table. These changes should be out this afternoon and be sure and read the release notes.
On the topic of security, never have full dumping of error messages and stack traces turned on in production!
And another good change coming:
As of today, you will now be forced to configure your local environment in order to receive full error messages.
Eric is the creator of Laravel News and has been covering Laravel since 2012.