Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

LudoNvl's avatar

Sessions Best Way ?

Hi Guys, I need some advise on Sessions. I mount an Lumen API that handle multiple Front Application. In some of these Front App, some is handled with laravel.

I want to work on user connections (so Sessions). I've made some research on Sessions. 5 Possibilities :

  • File
  • Database
  • Cookies
  • memcached
  • Array

I got two questions :

  • Who is best to handle sessions ? APIs or Web App
  • What is your adivse concerning these possibilities ?

Thanks for your time and your answer :)

0 likes
2 replies
lostdreamer_nl's avatar

My advise is for token based API : https://laravel.com/docs/5.6/passport. So on login, backend gets email + password and if ok, returns an access_token for this user and that token is used to keep the user logged in.

This way, no cookies have to be send on every request to the API, and you can revoke tokens if / when needed.

You can go for File / DB / Memcached sessions, it doesnt really make a big difference in speed.... DB Sessions are ofcourse more easily manageable (remove a current session for instance)

1 like
LudoNvl's avatar

I'm using Bearer token to provide a token for each request. Like that my lumen middleware can check if token is correct then do the request.

That concern the idea of "Can I do the request" but it not concern the session in terms of activity on the web app when connected.

Passport is a good idea but the problem is OAuth2. I will use SAML (SSO) for my multiple web apps.

Please or to participate in this conversation.