I don't know if this is normal, but I have considerations: I'm running Laravel Lumen and using cookies for a kind of action (keeping track of whether the user has already validated a code). I have the EncryptCookies middleware enabled, so the cookies I set should be encrypted and signed. This means (per the Laravel docs) that it is considered invalid if tampered with.
However, if I validate the code on one browser/computer so I have the cookie created (let's say Code:valid, the value encrypted of course) and use one of the cookie tool add-ons available for Chrome/Firefox to create the cookie on another computer or change, e.g., the expiry of the cookie... it works. Laravel accepts the handmade or changed cookie.
Is there something I am missing?
I am checking the cookie like this:
if ( $request->cookie('code') == 'valid' ) {
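
Added example, not part of the original post and not Laravel's own code: the integrity check on a protected cookie covers only its value, so a verbatim copy still verifies on another machine, and the expiry attribute kept by the browser is not covered at all. The PHP below models that check with a plain HMAC and shows the defensive pattern of placing a subject and an expiry inside the sealed value. The functions `seal`, `unseal` and `codeIsValid`, the key, the `sub`/`exp` fields and the sample values are all assumptions made for illustration.

```php
<?php
// Added example: a plain HMAC stands in for the integrity check on a protected cookie.
// KEY is a constructed sample value, not a real application key.
const KEY = 'constructed-sample-key-not-for-production';

// Seal a payload: base64(JSON) . '.' . HMAC-SHA256 over the base64 body.
function seal(array $payload): string
{
    $body = base64_encode(json_encode($payload));
    return $body . '.' . hash_hmac('sha256', $body, KEY);
}

// Return the payload if the MAC verifies, otherwise null.
function unseal(string $cookie): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$body, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $body, KEY), $mac)) {
        return null;
    }
    $decoded = json_decode(base64_decode($body, true) ?: '', true);
    return is_array($decoded) ? $decoded : null;
}

// Hypothetical server-side check: the sealed payload must name this subject
// and carry an expiry that the server itself compares against its own clock.
function codeIsValid(?string $cookie, string $subject, int $now): bool
{
    $p = $cookie === null ? null : unseal($cookie);
    return $p !== null
        && ($p['code'] ?? null) === 'valid'
        && hash_equals((string) ($p['sub'] ?? ''), $subject)
        && (int) ($p['exp'] ?? 0) > $now;
}

$now = 1700000000; // constructed timestamp
$cookie = seal(['code' => 'valid', 'sub' => 'user-42', 'exp' => $now + 600]);

var_dump(unseal($cookie) !== null);                     // verbatim copy: MAC check alone
var_dump(codeIsValid($cookie, 'user-42', $now));        // intended subject, within lifetime
var_dump(codeIsValid($cookie, 'user-99', $now));        // same cookie presented for another subject
var_dump(codeIsValid($cookie, 'user-42', $now + 3600)); // past the sealed expiry, whatever the browser says
var_dump(codeIsValid($cookie . 'x', 'user-42', $now));  // value altered after sealing
```

The MAC only proves the value was produced by the server; who may present it and for how long has to be encoded in that value or tracked server-side.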