Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi all,
I am using version 6 of laravel, and use the database as a driver for the session. everything going well except that laravel create a row in the database for every request, even request from bot, spider, or load-balancer check, this is a big issue and create a massive row in sessions table in DB.
How can I create session only for authenticated users? what is the best approach to achieve these requirements?
ps:
I created a middleware and inject it to HTTP/Kernel.php before StartSession middleware.
this middleware is responsible for check user-agent from request to determine the type of visitor, if a user keeps session driver and config or changes it to cookie if middleware guessed request is not by a user.
but I don't know if this is a good approach or not.
Untested but an idea
Create a new route file and register it in RouteserviceProvider. Make this new route collection run totally without any session middleware
Put all routes without auth inside this new route file
but this means duplicate routes in files, cause most of the routes can be accessed by the authenticated user and un-authenticated users Guess URL like http://example.com/posts this route can be accessed by anonymous and authenticated users where should put this route? as I got from the answer that should be duplicated in web.php and new route file,
Please or to participate in this conversation.