Level 52
I just checked a fresh L4.2 and I get only the laravel_session cookie...
Jan 8, 2015
9
Level 2
Session Cookies
A standard Laravel app seems to be setting two cookies, one with the name set in the session config file and another with a random string.
Does anyone know what this second cookie is, is it the standard php session cookie?
Thanks
Level 2
What version of php are you using?
I am seeing this extra cookie on a couple of separate apps.
Level 52
PHP 5.5.12
Level 2
I am seeing this across different sites, some local and some remote with a variety of different servers.
The cookie has the same expiration time as the main session cookie but doesn't have the secure flag set (the reason I am looking into this).
If I delete either of the cookies I get logged out so it seems its a laravel thing.
Does the csrf protection use the main laravel session cookie?
Level 65
Laravel doesn't use PHPSESSID so what's the contents of the cookie? Only ones you'll have on a fresh app are the one named laravel_session (set in config) and remember_(md5string)
Level 2
The name is a 40 character random string and it contains a large chunk of encrypted data.
Level 2
You can see it here on this forge hosted site. https://bbms.buildbrighton.com/
Level 65
Yeah not too sure, doesn't do that on my Laravel 4.2.* sites.
PHP 5.3 and 5.5 if it means anything, probably not.
Level 2
I am running php 5.5 on everything and this occurs on apache, nginx and artisan serve.
Hopefully someone else might have an idea
Please or to participate in this conversation.