Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi, For the needs of my project i need to disable VerifyCsrfToken on a few routes , in order to send POST calls from an external client to my app. So i put the routes in the $except array in VerifyCsrfToken.php
But in one route (the route A) , i store something in the Session. And in a second route (the route B) i try to check the content of the Session. But when i call the route A and then the route B from my client, the Session seems to be destroyed and i can't recover my values stored in the route A. Is this behaviour normal?
Thanks.
P.S : I'm using Laravel 5.2
I send request via a script in C# The client do not store nor use the session ID. I do not think it's secure to send the session id in the request I'm trying to store things like token in SESSION, but maybe it's impossible without CRSF protection, maybe i will try to store in the database
Please or to participate in this conversation.