Level 1
Anyone? :D
Jul 3, 2019
4
Level 1
How long is ONE api session?
Hi.
My question is around localization, and understanding the session length.
My understanding is, that when a user is login in with blade (non-api) the session length is until the user closes the browser tab.
Question: But when you have a API based frontend-SPA, that uses Axios (vue in my case). How long is ONE laravel session? I guess ONE api-session is equal to ONE request? is this correct? or how am I supposed to think of one api-session? (backend-laravel)
Level 43
API has no sessions, it's stateless. You authenticate each request via the token: https://laracasts.com/series/laravel-vue-and-spas
And when you log in via the default login scaffolding on Laravel, session is good for some time, but not when you close the browser. It's still valid after you reopen the browser. Well... depending on your session driver :)
Level 39
So there are three answers to this:
-
Using sessions (e.g: logging in not through an API). The session doesn't end when the user closes the tab, by default. It is an option in the configuration files tho. But the default session time is 2 hours.
-
Your front-end API (e.g: a first-party app), instead of authenticating itself on every request, it will usually store a cookie, which I believe also uses the default session time of 2 hours.
-
Using an API (e.g: third party), is stateless, thus auth is required on every request, therefore, yes, it is only valid for the one request.
Level 1
Thanks! :)
Please or to participate in this conversation.