Invalidating session on browser close
There is no way to invalidate a previously issued session token cookie that is not a remember_me cookie AFAIK.
I'm not sure if it could/should be in core Laravel, but additional events to hook into would be good.
It would be nice to be able to do so, for example a button to logout all users or whenever you change your password, reset existing sessions.
I see that this probably isn't really easy in the way it currently is, but perhaps en extra 'token' field with a random string, that is also stored in the session/cookie, as en extra check besides the user id?
I'm not really sure, maybe I'm overlooking something.
When logging in through Auth::attempt(), an auth.login is fired after logging in, with the $remember value.