acorn icon indicating copy to clipboard operation
acorn copied to clipboard
verified publisher icon roots

laravel_session cookie added to web routes by default

Open oxyc opened this issue 1 year ago • 4 comments

Version

v5

What did you expect to happen?

No set-cookie headers added for anonymous visitors

What actually happens?

laravel_session cookie added to responses

Steps to reproduce

request any route with web middleware applied

System info

No response

Log output

No response

Please confirm this isn't a support request.

Yes

oxyc avatar Aug 24 '24 13:08 oxyc

I know I can turn off the session middleware stuff but would be better if those were opt-in or all page caches will break by default

oxyc avatar Aug 24 '24 13:08 oxyc

Are you mainly referring to when on WordPress routes? Otherwise, Laravel always creates a session cookie like that with the session middleware.

Log1x avatar Aug 24 '24 23:08 Log1x

When on WordPress routes. Im fine just removing the middleware though if you do want to go with this as the default. But I guess others might find it unexpected too since you cant cache responses with set-cookie and Europeans need to declare the cookie in a policy.

oxyc avatar Aug 24 '24 23:08 oxyc

yeah it should definitely be easier to configure and have some saner defaults for wordpress. will figure something out 🙏

Log1x avatar Aug 24 '24 23:08 Log1x

is there any way to totally disable the session cookie??

lagiosdi avatar Nov 15 '24 10:11 lagiosdi 

Application::configure()
    ->withProviders([
    ])
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->removeFromGroup('web', [
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        ]);
    })
    ->boot();

oxyc avatar Nov 15 '24 10:11 oxyc

@oxyc, thank you very much. But where I write this code? It is not possible to add in vendor folder.

lagiosdi avatar Nov 15 '24 10:11 lagiosdi