Laravel / April 15, 2014

Laravel Remember Me Changes

An old Laravel security vulnerability was brought back to life today and the issue reported was fixed 7 months ago and is not an issue currently. You can see the change here to confirm the strict equality check.

This did bring up some unrelated issues with the remember me functionality and it will require you to add a new column to your “users” table. These changes should be out this afternoon and be sure and read the release notes.

On the topic of security, never have full dumping of error messages and stack traces turned on in production!

And another good change coming:

As of today, you will now be forced to configure your local environment in order to receive full error messages.

Laravel News Partners

Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.