
insight

How to avoid session hijacking if laravel_session and CSRF-Token are stolen and reused?

Dear Friends, I am setting the session lifetime to 120 seconds. How can I avoid it by making the XSRF token unique for each request? I tried the middleware method, but it is not working. Anybody please help... My dashboard URL, like http://xx.x.yy.aaa/itCareers/public/index.php/Dashboard, can be accessed with a stolen laravel_session and CSRF-Token.

Please help

Thanks

Anes P A

0 likes
6 replies
Snapey

This will always be the case which is why we use SSL and encrypted cookies.

Session lifetime of 2 minutes, are you sure? The default is 120 minutes.

If you are concerned about security, why on earth do you have the public folder visible in your URLs? Focus on the basics first.

1 like
insight

@Snapey I set 2 minutes in the .env file as

BROADCAST_DRIVER=log
CACHE_DRIVER=file
FILESYSTEM_DISK=local
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=2

Is that enough?

Please give an answer to the thread.

Snapey

@insight I have given an answer to the thread.

So, your session lifetime is 2 minutes. How is anyone expected to use the site? They can't spend two minutes reading a page to decide what to do next, or they will be logged out? Or answer the phone? Or go to the toilet, etc.?

Why don't you put up a notice that says "Not for customer access"?

AhmedRagab

I think there's no problem here. Laravel has got your back when it comes to session hijacking: it secures cookies and ensures they will be sent over HTTPS only. Just make sure to use an SSL certificate to encrypt the data between the server and the client.

You can increase the session lifetime to whatever your app needs and not worry about session hijacking.

insight

@AhmedRagab OK, so I need to set up HTTPS; that makes the solution right? No other method is a solution, right?

Snapey

@insight

Step 1 - ensure the document root is correct

Step 2 - use SSL

1 like
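Snapey's two steps (correct document root, HTTPS) and the cookie hardening AhmedRagab alludes to correspond to a handful of keys in Laravel's session configuration. The fragment below is an added illustration, not this thread's code and not Laravel's shipped `config/session.php`; the key names are the standard ones Laravel reads, the 120-minute lifetime is the default Snapey mentions, and the `SESSION_*` env names are assumed to match the installed version (older releases may lack some of them).

```php
<?php
// config/session.php (fragment) - added illustration, not Laravel's shipped file.
// Each comment names the weak value that leaves a copied laravel_session cookie
// usable, followed by the hardened value.

return [

    // SESSION_LIFETIME=2 logs users out mid-task but does not stop replay of a
    // stolen cookie inside that window. Keep the default and rely on the cookie
    // attributes below instead.
    'lifetime' => env('SESSION_LIFETIME', 120),

    // End the session when the browser closes, so a copied cookie is not still
    // valid long after the user has finished.
    'expire_on_close' => true,

    // Encrypt the session payload; the cookie value is then opaque to anyone
    // who reads it and is tied to this app's APP_KEY.
    'encrypt' => true,

    // WEAK: 'secure' => false lets the browser send laravel_session over plain
    // http://, where it is readable on the wire. true requires the site to be
    // served over HTTPS (Snapey's step 2); without HTTPS the cookie is not sent.
    'secure' => env('SESSION_SECURE_COOKIE', true),

    // WEAK: 'http_only' => false exposes the cookie to document.cookie in the
    // browser; true keeps it out of reach of any script that ends up on the page.
    'http_only' => true,

    // WEAK: 'same_site' => null sends the cookie with cross-site requests, the
    // case the XSRF-TOKEN check exists for. 'lax' or 'strict' narrows that.
    'same_site' => 'lax',

];
```

Step 1 is web-server configuration rather than this file: point the virtual host's document root at the project's `public/` directory, so URLs no longer contain `/public/index.php` and files above it such as `.env` (which holds `APP_KEY` and the session settings) are not reachable from the browser.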
