Cookie Value (ID) vs Session ID

I think it is encrypted in the cookie. So someone stealing your cookie can't steel your session.

I essentially want to use the laravel cookie as the auth cookie in other apps (using a shared session database between the two) a single-sign-on type solution. So if what you are saying is correct, if I know the decrypt key I can decrypt it in my other apps? Any idea where I might find that?

I don't think you can do that, because a cookie is domain specific, so you need to redirect the user to the other domain as well, set the cookie their and redirect the user back to the original domain. Now you can use the same cookie on both domains.

Source: http://laravel.io/forum/03-14-2014-multiple-domains-how-to-share-login

I'm using a .domain.com cookie so I can read the cookie between domains. And both sites are writing sessions to a common table in a shared database. So I think I should be ok. It seems to work, the only issue I have is that laravel gives the user a different ID then the one it uses internally so having the other site be aware of the shared id between both hosts has proven tricky.

I suspect you are right, that laravel is just taking that id and hashing it or encrypting it. I'll need to either figure out a way of disabling the encryption on the id or obviously matching the encryption and the keys for it in my other site.

I am faced with the same issue... I am trying to get the session id from the larval cookie.

@pmaclean that is correct, although it is not well documented on laravel docs

session ID cookies are encrypted as of Laravel 4.1, on any driver

Source: https://github.com/laravel/framework/issues/2679#issuecomment-28093748