Setting Raw Cookie

I'm using Laravel 7. I am adding a cookie to the response of a route that successfully sets a cookie. This line is added to the response object.

 ->withCookie(cookie('app.fullname', 'FullName='.Auth::user()->name, 0, '/', 'example.com', true, true, true, 'lax'))

The cookie method is in the internals of Laravel follows eventually goes to the Symfony cookie method.

return new Cookie($name, $value, $time, $path, $domain, $secure, $httpOnly, $raw, $sameSite);

Even though the Laravel docs do not show all of that, you can find it in the vendor code by following the definitions. Every option works and handles the values appropriately except for the boolean of $raw. The cookie should not be encrypted with the $raw set to true. However, the cookie is encrypted whether the value is set to true or false.

Can anyone explain this behavior or is there a problem?

Thank you.

devingray_

5 years ago

Level 8

Laravel Has an Encrypt Cookies Middleware.

The best approach is to add an exception for specific cookies in the $except array

namespace App\Http\Middleware;

use Illuminate\Cookie\Middleware\EncryptCookies as BaseEncrypter;

class EncryptCookies extends BaseEncrypter
{
    
    protected $except = [
        'name_of_cookie_to_exclude_from_encryption'
    ];
}

OR if more your style

You may add this to to the boot method of a registered service provider

App\Http\Middleware\EncryptCookies::disableFor('name_of_cookie_to_exclude_from_encryption');

3 likes

abishekrs

1 year ago

Level 2

How do I do this in Laravel 11?

martinbean

1 year ago

Level 80

@abishekrs By reading the docs instead of bumping three-year-old topics: https://laravel.com/docs/11.x/responses#attaching-cookies-to-responses

If you don’t want a particularly cookie to be encrypted, then you need to tell Laravel to not do so: https://laravel.com/docs/11.x/responses#cookies-and-encryption

Please or to participate in this conversation.