diff --git a/laravel/auth.php b/laravel/auth.php
index f660e5cd..0e8d3d83 100644
--- a/laravel/auth.php
+++ b/laravel/auth.php
@@ -89,15 +89,15 @@ public static function user()
 	/**
 	 * Attempt to login a user based on a long-lived "remember me" cookie.
 	 *
-	 * We should be able to trust the cookie is valid, since all cookies
-	 * set by Laravel include a fingerprint hash to ensure the cookie
-	 * value is not changed on the client.
-	 *
 	 * @param string $recaller
 	 * @return mixed
 	 */
 	protected static function recall($recaller)
 	{
+		// When the "remember me" cookie is stored, it is encrypted and contains the
+		// user's ID and a long, random string. The ID and string are separated by
+		// a pipe character. Since we exploded the decrypted string, we can just
+		// pass the first item in the array to the user Closure.
 		$recaller = explode('|', Crypter::decrypt($recaller));
 
 		if ( ! is_null($user = call_user_func(Config::get('auth.user'), $recaller[0])))
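Review bot: The random string that the new comment says is stored next to the user ID is never checked in the new code — only `$recaller[0]` is handed to the `auth.user` closure, so the second component makes the plaintext unpredictable but does not bind the cookie to any server-side record. If that is the intent, the comment should say so explicitly, e.g. `// The random string only makes the plaintext unpredictable; it is not verified.`; if it is meant to act as a token, it must be compared (constant-time) against a stored value before the user lookup, otherwise the cookie's validity rests entirely on the encryption layer. The decrypted value's shape is also not guarded, so a cookie whose plaintext lacks a pipe passes the whole string as the ID; a check such as `if (count($recaller) < 2) return null;` (or whatever the no-user path returns) before the lookup would keep malformed input away from the closure. The body of `recall` continues past the end of the hunk, and whether `Crypter::decrypt` rejects tampered ciphertext is not visible here, so the old "fingerprint hash" guarantee that this commit removes from the docblock should be confirmed to still hold somewhere.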