Laravel

How does authorization work in laravel?

Hello everyone, I have laravel 5.8.38 - and the following question arose.
There is a standard method in the lara which logs in the user from the controller, if I do this
Auth::login($user,true);

Auth::login($user,true);
dump(auth()->user());

Then auth()->user() displays the desired user, everything is ok, but how the hell does he log in? how does it remember that this user is logged in? I thought that this is done by session cookies, but there are no cookies at all.
after successful authorization, I return json In theory, session cookies should come with the json response, but they are not there at all. wtf? Do I have to manually set these cookies? then why is Auth::login needed? The controller itself:
return response()->json(['user' => $user], 200);

$code = $request->code;
        preg_match("/(7[0-9]{10})/", $request->phone, $matches);
        $phone = $matches[0];
        $user = User::query()
            ->with('orders.items.product')
            ->where('phone', $phone)
            ->where('sms_code', $code)
            ->first();

        $token = Str::random(60);
        $token = hash('sha256', $token);
        if ($user) {
            // Log in current user
            $user->update([
                'token' => $token,
                'sms_code' => null
            ]);
            Auth::login($user,true);
            return response()->json(['user' => $user], 200);
        } else {
            return response()
                ->json(['message' => 'Go away, pls'. $phone], 404)
                ->withCookie(cookie('token', $token, 0));
        }