Session icon indicating copy to clipboard operation
Session copied to clipboard
verified publisher icon Ghostff

Without cookie on the public frontend?

Open EdMueller opened this issue 7 months ago • 2 comments

Hi, it is possible to use Ghostff/Session on a private/public website without using a cookie in the frontend? I need the cookie only in the backend and the code base is (in parts) the same - so the public cookie confuses the system (based on Flight PHP).

EdMueller avatar May 31 '25 19:05 EdMueller

Out of the box, Ghostff/Session always sends a Set-Cookie header when you construct Session, regardless of which storage driver you use. So you cannot use it on the public site without a frontend cookie being set unless you either:

  • Avoid constructing Session on public routes, or
  • Scope the cookie so it won’t be sent by the browser on public requests (path/domain segregation),

Ghostff avatar Sep 19 '25 15:09 Ghostff

always sends a Set-Cookie header when you construct Session

Yes, i noticed that. My solution: I divided the shared routes into two separated realms (private, public) => More routes, more work - yes, i am lazy ;-).

EdMueller avatar Sep 22 '25 18:09 EdMueller