Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Sven0188's avatar

Laravel 5.4 :: Session to hold parent ID's

Good day Everyone,

I am curious as to whether it is acceptable practice to store the ID of a 1:m relationship in the session()?

For example - I have items and each item have multiple images. This is a 2 step process to create/edit an item and thereafter upload images.

So when creating an item I store the item ID in session() then redirect to my images controller method to upload the item's images. Will this not lead to any issues later? How long is the session variables valid? And also in terms of security? Any issues there?

Here is example code:

        $items= Item::findOrFail($id)->update($request->all());
        session(["item_id" => $item->id]);
        return redirect()->route("items.index")->with("message", $this->titleSingular . " Updated Successfully.");

Please advise :)

0 likes
6 replies
martinbean's avatar
martinbean
8 years ago
Best Answer
Level 80

@Sven0188 If you have resourceful controllers, then you can just have a controller for uploading an item’s images and redirect to that:

// Items
Route::post('items', [
    'uses' => 'ItemController@store',
    'as' => 'item.store',
]);

// Item Images
Route::get('items/{item}/images', [
    'uses' => 'ItemImageController@index',
    'as' => 'item.image.index',
]);

Route::get('items/{item}/images/create', [
    'uses' => 'ItemImageController@create',
    'as' => 'item.image.create',
]);

Route::post('items/{item}/images', [
    'uses' => 'ItemImageController@store',
    'as' => 'item.image.store',
]);

class ItemController extends Controller
{
    public function store(CreateItemRequest $request)
    {
        $item = Item::create($request->all());

        return redirect()
            ->route('item.images.create', $item)
            ->withSuccess('Item created. Now add images.');
    }
}

class ItemImageController extends Controller
{
    public function index(Item $item)
    {
        $item->load('images');

        return view('item.image.index', compact('item'));
    }

    public function create(Item $item)
    {
        return view('item.image.create', compact('item'));
    }

    public function store(UploadImageRequest $request, Item $item)
    {
        $path = $request->image->store();

        $item->images()->create([
            'path' => $path,
        ]);

        return redirect()
            ->route('item.image.index', $item)
            ->withSuccess('Item image uploaded successfully.');
    }
}
1 like
Snapey's avatar

you could do but your application will be confused if the user opens another tab and tries to perform similar functions in the other tab. This is because both tabs share the same session ID and therefore the same session variables

more common practice is to pass the id in the url, like /items/34/images

1 like
Sven0188's avatar

Thanks for both responses. Very valuable.

@martinbean: how would I manage to still use form request validation on my image controller? You example is very good and helpful but I was hoping I can still pass my form request to the controller methods? Or do I pass them as the first param and then the actual item as second object like:

    public function store(ItemImageCreateRequest $request, Item $item) {
        $item->images()->create($request->all());
}

Will this still be valid and working?

spekkionu's avatar

The order of the parameters in your controller actions does not matter. You just need to name the variables the same as the route parameters. Any other parameters will be pulled from the IOC container.

1 like
martinbean's avatar

@Sven0188 Yes. I included a form request type-hint in my example. Laravel will then attempt to resolve the other parameters using route–model binding.

1 like
Sven0188's avatar

Aaah sorry my apologizes :) See your example does include request.

Please or to participate in this conversation.