Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

GKMelbo's avatar

What does Laravel session cookie store?

Hi, I've been trying to find out what information the session cookie in Laravel stores in regards to the new GDPR law. But I can't find any information on this. Does it store the same information as the docs says when you choose database instead of cookie?

Schema::create('sessions', function ($table) {
    $table->string('id')->unique();
    $table->unsignedInteger('user_id')->nullable();
    $table->string('ip_address', 45)->nullable();
    $table->text('user_agent')->nullable();
    $table->text('payload');
    $table->integer('last_activity');
});

But the GDPR law states that ip addresses are considered sensitive information, so wouldn't that be a problem?

0 likes
4 replies
36864's avatar

Have you tried just looking at the cookie?

By default, the session cookie stores a session identifier.

All session data is kept on the server.

GKMelbo's avatar

@36864 I tried to use the chrome inspect tool, but the value is encrypted, and I don't know how to decrypt it.

36864's avatar

If it's encrypted, you can decrypt it in your app using tinker by simply calling decrypt($string).

Cronix's avatar

I believe session cookie value just contains the session id: $table->string('id')->unique();

Please or to participate in this conversation.