How to secure XSRF-Token and laravel_session

Posted 9 months ago by kshitizmittal

I am using the Chrome browser. While inspecting cookies, I am unable to get a check on the Secure parameter for XSRF-Token and laravel_session.

Though I have implemented the code below in session.php and VerifyCsrfToken.php:

  1. session.php

         /*
         | HTTPS Only Cookies
         |
         | By setting this option to true, session cookies will only be sent back
         | to the server if the browser has a HTTPS connection. This will keep
         | the cookie from being sent to you if it can not be done securely.
         */

         'secure' => env('SESSION_SECURE_COOKIE', true),

  2. VerifyCsrfToken.php

         protected function addCookieToResponse($request, $response)
         {
             $config = config('session');

             $response->headers->setCookie(
                 new Cookie(
                     'XSRF-TOKEN', $request->session()->token(), $this->availableAt(60 * $config['lifetime']),
                     $config['path'], $config['domain'], $config['secure']=true, true, true, $config['same_site']="strict" ?? null
                 )
             );

             return $response;
         }
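
An added example, not part of the original post: a small Python audit of `Set-Cookie` response headers that reports which of the attributes discussed above the server actually emitted for `XSRF-TOKEN` and `laravel_session`. The header lines and the per-cookie policy are constructed assumptions for illustration.

```python
# Added example: audit Set-Cookie headers for Secure / HttpOnly / SameSite.
# SAMPLE_HEADERS is constructed for illustration, not captured from a real app.
SAMPLE_HEADERS = [
    "XSRF-TOKEN=constructedtoken123; expires=Wed, 01 Jan 2025 12:00:00 GMT; "
    "Max-Age=7200; path=/; samesite=strict",
    "laravel_session=constructedsession456; expires=Wed, 01 Jan 2025 12:00:00 GMT; "
    "Max-Age=7200; path=/; secure; httponly; samesite=strict",
]

# Assumed policy: attributes each cookie is expected to carry.
POLICY = {
    "laravel_session": ("secure", "httponly", "samesite"),
    "XSRF-TOKEN": ("secure", "samesite"),
}
DEFAULT_REQUIRED = ("secure",)  # applied to any cookie not named in POLICY


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit(headers, policy=POLICY):
    """Return {cookie name: [missing attributes]} for cookies that fail the policy."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        missing = [a for a in policy.get(name, DEFAULT_REQUIRED) if a not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

If a cookie is reported as missing `secure`, check the server side first: in the posted `session.php`, a `SESSION_SECURE_COOKIE` value set in `.env` takes precedence over the `true` default passed to `env()`.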