From 4a814e8df562277b70268a0a704a3c51f7792e34 Mon Sep 17 00:00:00 2001
From: Emil Rosenius <ERPedersen@users.noreply.github.com>
Date: Wed, 26 Aug 2020 13:00:14 +0200
Subject: [PATCH] Fix offset error on invalid remember token

---
 src/Illuminate/Session/Middleware/AuthenticateSession.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Illuminate/Session/Middleware/AuthenticateSession.php b/src/Illuminate/Session/Middleware/AuthenticateSession.php
index 85a9b39d84ad..5da389ae3d39 100644
--- a/src/Illuminate/Session/Middleware/AuthenticateSession.php
+++ b/src/Illuminate/Session/Middleware/AuthenticateSession.php
@@ -40,9 +40,9 @@ public function handle($request, Closure $next)
         }
 
         if ($this->auth->viaRemember()) {
-            $passwordHash = explode('|', $request->cookies->get($this->auth->getRecallerName()))[2];
+            $passwordHash = explode('|', $request->cookies->get($this->auth->getRecallerName()))[2] ?? null;
 
-            if ($passwordHash != $request->user()->getAuthPassword()) {
+            if (! $passwordHash || $passwordHash != $request->user()->getAuthPassword()) {
                 $this->logout($request);
             }
         }