Level 46
Encrypt the value before you send it and decrypt it when you get a request.
Aug 13, 2017
7
Level 2
Use session in Laravel API when frontend is Vuejs2
Hi, I have written an application that backend is laravel and frontend is Vuejs2. backend and frontend are totally separated and comunicate to each other with JSON. I want to store a session in laravel and put something like reserve_id in session and track the user with this reserve_id. Although I can't send reserve_id to user because it's not safe so I can't just store it in localstorage. please help! Thanks
Level 2
Dear Sir @topvillas So what if user copy this encrypted value and paste to local storage in another request?
Level 7
Then the users still uses his own session.
Level 46
How do you think sessions are handled normally in Laravel?
1 like
Level 2
@topvillas you are right! sorry about my stupid question!
Level 46
It's not a stupid question. You're right to be concerned about security.
Level 13
If you're concerned about session hijacking, you'll need to implement some server-side checks to, for example, make sure the user's IP and/or user agent haven't changed since the session started.
I'm not an expert on the subject, but I'm sure there are plenty of resources online on ways to prevent session token hijacking/reuse.
Please or to participate in this conversation.