Access Web Session in APi

Any progress on that?

API is intended to be statless. And as such no you can't have access to session data (auth user).

Couple ways though.

Token based. A token is stored locally in JavaScript session. Then if available it's attached to the header (just like the csrf token in default install).

Draw back is each request where needed checks the token, queries the user and sets the user for that request cycle. Though default auth queries too.

Secondly you can set a meta and or script to allow user data to be grabbed. Similar to the csrf token again on the layout page.

Draw back is code lookers will easily see the data.

Thirdly you can respond with session data about the user on each request.

Drawback is keeping data in sync and code sniffers again.

The first one is considered best practice by majority of devs.

@EventFellows why not start a new thread and describe what you want to do?

Thank you @jekinney I will have to look into that.

In my use case it is specifically abuot the non-authenticated user as I want to 'carry around some data' before the user registers for usability and conversion reasons.

@Snapey I just wanted to hear if @awaismunawar found a solution and also did post a separate thread here: https://laracasts.com/discuss/channels/requests/storing-data-for-un-authenticated-users