Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello,
when a user login Laravel sets a cookie name as the following:
env('APP_NAME') . "_session";
But I have seen some people make it complicated and generate like big string for session name.
Does this really matter?
I've never seen anything that says its important, but it could be used to determine that this is a Laravel application and then use that knowledge to try some other vulnerability.
Changing the cookie name avoids unnecessary information leakage.
the answer I was looking for, thank you.
Please or to participate in this conversation.