How to secure XSRF-Token and laravel_session

Posted 5 months ago by kshitizmittal

I am using the Chrome browser; while inspecting cookies I am unable to get the Secure attribute checked for XSRF-Token and laravel_session.

Though I have implemented the code below in session.php and VerifyCsrfToken.php:

1. session.php

    /*
    |--------------------------------------------------------------------------
    | HTTPS Only Cookies
    |--------------------------------------------------------------------------
    |
    | By setting this option to true, session cookies will only be sent back
    | to the server if the browser has a HTTPS connection. This will keep
    | the cookie from being sent to you if it can not be done securely.
    |
    */

    'secure' => env('SESSION_SECURE_COOKIE', true),
2. VerifyCsrfToken.php

    use Symfony\Component\HttpFoundation\Cookie;
    // Overrides the framework method; the cookie flags are passed as plain
    // arguments instead of assigning into $config inside the argument list.
    protected function addCookieToResponse($request, $response)
    {
        $config = config('session');
        $response->headers->setCookie(
            new Cookie(
                'XSRF-TOKEN',
                $request->session()->token(),
                $this->availableAt(60 * $config['lifetime']),
                $config['path'],
                $config['domain'],
                true,     // secure
                true,     // httpOnly
                true,     // raw
                'strict'  // sameSite
            )
        );
        return $response;
    }
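As an added check that is not part of the original post, the following Python script parses Set-Cookie headers the way a defender would when confirming the change took effect: for XSRF-TOKEN and laravel_session it reports which of Secure, HttpOnly and SameSite=Strict are missing. The sample headers are constructed to reflect the symptom described above (no Secure flag), and the required-attribute policy is an assumption that mirrors the settings in the post.

```python
from typing import Dict, List, Tuple

# Attributes each Laravel cookie must carry; mirrors the settings in the post
# (secure => true, httpOnly, same_site => strict). Assumption: this is the target policy.
REQUIRED = {
    "laravel_session": {"secure", "httponly", "samesite"},
    "XSRF-TOKEN": {"secure", "httponly", "samesite"},
}

# Constructed sample headers showing the symptom from the post: no Secure flag,
# and SameSite left at Laravel's default of lax.
SAMPLE_HEADERS = [
    "XSRF-TOKEN=eyJpdiI6Lm4; expires=Tue, 01 Jan 2030 00:00:00 GMT; Max-Age=7200; path=/; samesite=lax",
    "laravel_session=eyJpdiI6Qk0; expires=Tue, 01 Jan 2030 00:00:00 GMT; Max-Age=7200; path=/; httponly; samesite=lax",
]


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie line into (cookie name, {attribute: value}); attribute names are lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")   # flag attributes such as "secure" get an empty value
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit(headers: List[str]) -> Dict[str, List[str]]:
    """Return {cookie: [problems]} for every cookie in REQUIRED; an empty list means the cookie is compliant."""
    findings = {name: ["cookie not set in response"] for name in REQUIRED}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name not in REQUIRED:
            continue
        problems = []
        for attr in sorted(REQUIRED[name]):
            if attr not in attrs:
                problems.append(f"missing {attr}")
            elif attr == "samesite" and attrs[attr].lower() != "strict":
                problems.append(f"samesite={attrs[attr]} (expected Strict)")
        findings[name] = problems
    return findings


if __name__ == "__main__":
    for cookie, problems in audit(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not problems else "; ".join(problems))
```

Feed it the Set-Cookie lines from a real response (for example from `curl -sI` against the app over HTTPS) to see whether the flags actually reach the browser.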
