Laravel

Laravel how does temporarySignedRoute work?

Hello! I would like to know how a link like this works:

test/email/verify/19?expires=1586985879&hash=8026c...

and more methods of its creation and verification.

Such a link, as I understand it, is generated by a special method. The value of the signature parameter depends on the other parameters, and if they do not change, then the signature will be constant . (as I understood and checked)

I found a method in laravel to generate such a link during registration:

protected function verificationUrl($notifiable)
    {
        return URL::temporarySignedRoute(
            'verification.verify',
            Carbon::now()->addMinutes(Config::get('auth.verification.expire', 60)),
            [
                'id' => $notifiable->getKey(),
                'hash' => sha1($notifiable->getEmailForVerification()),
            ]
        );
    }

Question 1 Previously, there was no hash in this method. What has changed since then? Does this hash protect somehow or does it have another function? Is it (hash) stored somewhere?

Question 2 This link can be faked somehow, right? If you forge it, you can, after all, gain access to, for example, verification of someone else's mail. There is an option that hash once again protects against support, but then it must be stored logically somewhere and checked after.


Question 3 I opened Laravel on a late version and a little early (0.2 points I think) and found that there is no hash in the transfer. Has anything changed significantly with and without hash?