Is it safe to use the remember_token
in the users table for authenticating the user into the application?
What is the purpose of this token? Currently, I'm using it in forms to check whether the user is logged in - if the token is not present, I show the login screen. Each time the user logs out, this token is regenerated.
No. It's not supposed to be used to authenticate. It's used by the framework to help against Remember Me
cookie hijacking. The value is refreshed upon login and logout. If a cookie is hijacked by a malicious person, logging out makes the hijacked cookie useless since it doesn't match anymore.
Refer to this documentation: