joe's avatar
Level 17

Should the Laravel session cookie be encrypted on all session drivers? (laravel_session)

Does anyone know why Laravel encrypts the session cookie (laravel_session) by default, not the data, just the cookie, when not selecting the cookie driver for sessions?

I think it’s worthless since it only encrypts the session ID (no sensitive info IMHO), which would be the file name in case you use the file driver, or the key if you use redis, memcached, array etc...

It only makes the request payload heavier and also encrypts and decrypts that cookie on every request, which should make the app slower.

What do you think?

Should this cookie be encrypted only when selecting the cookie driver?

0 likes
1 reply
bobbybouwmann's avatar

I think it's a good practice to encrypt these kinds of things in general. I don't see a reason not to so

Anyway, performance-wise this shouldn't be a concern since it's such a small change!
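To put numbers on the two costs raised in this thread (cookie size and per-request encrypt/decrypt work), here is an added example that is not part of either post and is not Laravel's own code. It assumes an encrypt-then-MAC envelope of base64(JSON{iv, value, mac}) using AES-256-CBC and HMAC-SHA256; the function names `seal`/`unseal`, the key and the session ID are constructed for illustration.

```php
<?php
// Added example: cost of wrapping a session ID in an encrypt-then-MAC envelope.
// Assumed layout: base64(JSON{iv, value, mac}), AES-256-CBC + HMAC-SHA256.

function seal(string $plain, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    $value = openssl_encrypt($plain, 'aes-256-cbc', $key, 0, $iv); // base64 text
    if ($value === false) {
        throw new RuntimeException('encryption failed');
    }
    $iv = base64_encode($iv);
    $mac = hash_hmac('sha256', $iv . $value, $key); // MAC covers IV and ciphertext
    return base64_encode(json_encode(compact('iv', 'value', 'mac')));
}

function unseal(string $cookie, string $key): ?string
{
    $p = json_decode(base64_decode($cookie, true) ?: '', true);
    if (!is_array($p)) {
        return null; // not a well-formed envelope
    }
    foreach (['iv', 'value', 'mac'] as $field) {
        if (!isset($p[$field]) || !is_string($p[$field])) {
            return null;
        }
    }
    // Verify the MAC in constant time before touching the ciphertext.
    if (!hash_equals(hash_hmac('sha256', $p['iv'] . $p['value'], $key), $p['mac'])) {
        return null; // modified cookie or wrong key
    }
    $plain = openssl_decrypt($p['value'], 'aes-256-cbc', $key, 0, base64_decode($p['iv']));
    return $plain === false ? null : $plain;
}

$key = random_bytes(32);                 // constructed sample key
$sessionId = bin2hex(random_bytes(20));  // constructed 40-character session ID
$cookie = seal($sessionId, $key);
printf("raw ID: %d bytes, sealed cookie: %d bytes\n", strlen($sessionId), strlen($cookie));

$rounds = 10000;
$start = hrtime(true);
for ($i = 0; $i < $rounds; $i++) {
    unseal(seal($sessionId, $key), $key);
}
printf("seal + unseal: %.1f microseconds per request\n", (hrtime(true) - $start) / $rounds / 1000);

// A cookie altered in transit is rejected before any session-store lookup happens.
$tampered = substr_replace($cookie, $cookie[10] === 'A' ? 'B' : 'A', 10, 1);
var_dump(unseal($sessionId === unseal($cookie, $key) ? $tampered : $cookie, $key));
```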