Level 5
I managed to narrow down the problem to the EncryptCookie middleware. Somehow the cookie values cannot be properly decrypted and the payloads are empty. Disabling the middleware 'solved' the problem. Is this a known problem?
Apr 25, 2016
2
Level 5
Laravel 5 Session ID regenerates on every request
I have a bit of a problem with the laravel sessions. When I apply the 'web' middleware to a route group, the session ID for the user that visits a page in that group gets refreshed on every request. The session itself works just fine and values are persisted. But the session storage gets flooded with session data. I tried it with local PHP, in homestead and on Forge. All yield the same result. At first I thought it was a problem with my application, but a fresh install of Laravel has the same issue. The code below is enough to reproduce the issue. Or is this intended behavior?
Route::group(['middleware' => 'web'], function() {
Route::get("/", function() {
return "hi";
});
});
Level 10
You shouldn't persist session id, regenerating is a safety against hijacks.
Hm.. but of course, your storage shouldn't be 'flooded' with data.
Please or to participate in this conversation.