Laravel sends the session and CSRF cookies in every response. That is additional traffic that's not needed. With these changes the session cookie and CSRF cookie are not re-sent to the client on every response if they did not change (but they are still re-sent at least once an hour, to prevent them from expiring on the client side).
Laravel less cookies in response
/*
In the application's middleware list, replace
\Illuminate\Session\Middleware\StartSession::class
with
\App\Http\Middleware\StartSession::class
*/
<?php | |
namespace App\Http\Middleware; | |
use Illuminate\Http\Request; | |
use Symfony\Component\HttpFoundation\Response; | |
use Illuminate\Contracts\Session\Session; | |
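class StartSession extends \Illuminate\Session\Middleware\StartSession
{
    /**
     * Upper bound, in seconds, on how long the session cookie may go without
     * being re-sent to the client.
     */
    const COOKIE_RESEND_INTERVAL = 3600;

    /**
     * The request currently being handled. addCookieToResponse() is not given
     * the request, so handle() keeps a reference here for the cookie comparison.
     *
     * @var \Illuminate\Http\Request|null
     */
    protected $request;

    /**
     * Remember the incoming request, then run the framework's session handling.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, \Closure $next)
    {
        $this->request = $request;

        return parent::handle($request, $next);
    }

    /**
     * Add the session cookie to the response, but only when the client needs it.
     *
     * The cookie is written when the client did not present the current session
     * ID, when no send time has been recorded in the session yet, or when the
     * last send is older than the resend interval. Skipping the write saves
     * cookie encryption work and response bytes.
     *
     * NOTE(review): on responses where the write is skipped the client keeps the
     * expiry it received earlier, so client-side sliding expiration only moves
     * forward once per interval (assuming the parent stamps a fresh expiry each
     * time it writes the cookie - confirm against the framework version in use).
     *
     * @param  \Symfony\Component\HttpFoundation\Response  $response
     * @param  \Illuminate\Contracts\Session\Session  $session
     * @return void
     */
    protected function addCookieToResponse(Response $response, Session $session)
    {
        $cookieSetTime = $session->get('session_cookie_set_time');

        // A session ID that differs from the presented cookie (new session, or an
        // ID regenerated during this request) must always reach the client, so
        // this check comes before any time-based skipping.
        $clientHasCurrentId = $session->getId() === $this->request->cookie($session->getName());

        if (
            !$clientHasCurrentId
            || !$cookieSetTime
            || $cookieSetTime + $this->cookieResendInterval() < time()
        ) {
            $session->put('session_cookie_set_time', time());
            parent::addCookieToResponse($response, $session);
        }
    }

    /**
     * Resolve the resend interval in seconds, never longer than half of the
     * configured session lifetime.
     *
     * With a fixed one-hour interval and a session lifetime of an hour or less,
     * the cookie could expire in the browser before it is sent again, ending the
     * session for an active user. Clamping to half the lifetime keeps the
     * default (120 minutes) at the original 3600 seconds.
     *
     * @return int
     */
    private function cookieResendInterval()
    {
        $config = $this->manager->getSessionConfig();

        // 'lifetime' is configured in minutes; env-sourced values may be strings.
        $lifetimeSeconds = isset($config['lifetime']) ? (int) $config['lifetime'] * 60 : 0;

        if ($lifetimeSeconds <= 0) {
            return self::COOKIE_RESEND_INTERVAL;
        }

        return min(self::COOKIE_RESEND_INTERVAL, max(1, (int) floor($lifetimeSeconds / 2)));
    }
}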
<?php | |
namespace App\Http\Middleware; | |
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware; | |
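class VerifyCsrfToken extends Middleware
{
    /**
     * Upper bound, in seconds, on how long the XSRF-TOKEN cookie may go without
     * being re-sent to the client.
     */
    const COOKIE_RESEND_INTERVAL = 3600;

    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;

    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * Every entry here is a route that accepts state-changing requests without
     * a token, so keep the list as short as possible.
     *
     * @var array
     */
    protected $except = [
        //
    ];

    /**
     * Add the XSRF-TOKEN cookie to the response, but only when the client needs it.
     *
     * The cookie is written when the client did not present the session's
     * current token, when no send time has been recorded in the session yet, or
     * when the last send is older than the resend interval. This override only
     * decides whether the cookie is re-sent; token verification itself is
     * inherited unchanged from the parent middleware.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Symfony\Component\HttpFoundation\Response  $response
     * @return \Symfony\Component\HttpFoundation\Response
     */
    protected function addCookieToResponse($request, $response)
    {
        $session = $request->session();
        $cookieSetTime = $session->get('csrf_cookie_set_time');

        // A token that differs from the presented cookie (first visit, or a token
        // regenerated during this request) must always reach the client, so this
        // check comes before any time-based skipping.
        $clientHasCurrentToken = $session->token() === $request->cookie('XSRF-TOKEN');

        if (
            !$clientHasCurrentToken
            || !$cookieSetTime
            || $cookieSetTime + $this->cookieResendInterval() < time()
        ) {
            $session->put('csrf_cookie_set_time', time());

            return parent::addCookieToResponse($request, $response);
        }

        return $response;
    }

    /**
     * Resolve the resend interval in seconds, never longer than half of the
     * configured session lifetime.
     *
     * With a fixed one-hour interval and a session lifetime of an hour or less,
     * the cookie could expire in the browser before it is sent again, and
     * clients that echo the cookie back as their CSRF header would start failing
     * verification. Clamping to half the lifetime keeps the default
     * (120 minutes) at the original 3600 seconds.
     *
     * @return int
     */
    private function cookieResendInterval()
    {
        // session.lifetime is configured in minutes; a missing value casts to 0.
        $lifetimeSeconds = (int) config('session.lifetime') * 60;

        if ($lifetimeSeconds <= 0) {
            return self::COOKIE_RESEND_INTERVAL;
        }

        return min(self::COOKIE_RESEND_INTERVAL, max(1, (int) floor($lifetimeSeconds / 2)));
    }
}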