private function resolveUser(Guard $guard) { // if we're logging in using remember token // then we must resolve user „manually” // to prevent csrf token regeneration $usingSession = $guard instanceof SessionGuard; $recaller = $usingSession ? $guard->getRequest()->cookies->get($guard->getRecallerName()) : null; if ($usingSession && !is_null($recaller)) { list($id, $token) = explode('|', $recaller); return $guard->getProvider()->retrieveByToken($id, $token); } else { return $guard->user(); } }