Laravel Configuration
0

Hello @flipmedia

The session lifetime configuration can be easily done in the .env file:

```
# this is equal to 1 year. Please choose a time that is more suitable for you.
SESSION_LIFETIME=525600
```

You can also edit the session lifetime in config/session.php:

```php
'lifetime' => 1 * (60 * 24 * 365),
```

Thanks

0

Dear Faisal, your solution will not work. I tried it before, but no result. Waiting for more ideas.

Thanks

Anes P A

0
moderator

Hello @flipmedia is your config cached on the server?

If that is the case, you can run `php artisan config:cache` to update the cache.

0

It's a part of the solution @tvbeek. Not a full solution. Waiting for more ideas. In my new installation I got "laravel_solution" expire/max-age value as 'Session' but remaining is 'XSRF-TOKEN', please advise

0
moderator

For the XSRF-Token you need to dive into the inner workings of Laravel.

I see that the VerifyCsrfToken middleware has a function newCookie that creates the cookie and it multiplies the session lifetime with 60. https://github.com/laravel/framework/blob/10.x/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php#L208

A default Laravel project has a VerifyCsrfToken middleware that extends the middleware I linked to above (See: https://github.com/laravel/laravel/blob/10.x/app/Http/Middleware/VerifyCsrfToken.php )

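In that class you can overwrite the newCookie function to change the lifetime. A (not tested) example:

    // Needs "use Symfony\Component\HttpFoundation\Cookie;" at the top of the class file.
    protected function newCookie($request, $config)
    {
        return new Cookie(
            'XSRF-TOKEN',
            $request->session()->token(),
            0, // no lifetime: expire time 0 makes this a browser-session cookie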
            $config['path'],
            $config['domain'],
            $config['secure'],
            false,
            false,
            $config['same_site'] ?? null
        );
    }
0

Thanks Dears ... At last my issue fixed .... Added 2 middlewares, one for XSRF-TOKEN and one for laravel_session

sessionmiddleware code follows

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class SessionCookieMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next): Response
    {
        $response = $next($request);
        // cookie() with only a name builds a cookie with no value and 0 minutes.
        $sessionCookie = cookie('laravel_session');
        //$token = $request->session()->token();
        //$response->withCookie(cookie('XSRF-TOKEN', $token));
        $response->withCookie($sessionCookie);
        // Note: $next($request) is invoked a second time here, and that second
        // response is what gets returned, not $response with the cookie above.
        return $next($request);
    }
}
```

also added in Kernel.php as

```php
\App\Http\Middleware\SessionCookieMiddleware::class,
```



xsrf-token middleware code follows (it's actually the already existing VerifyCsrfToken middleware, replaced)

```php
<?php
namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{

  protected function addCookieToResponse($request, $response)
  {
    $token = $request->session()->token();
    // The cookie() helper defaults to 0 minutes, i.e. a browser-session cookie.
    $response->withCookie(cookie('XSRF-TOKEN', $token));

    // The base method returns the response, so the override does too.
    return $response;
  }

}
```

my .env file as

```
APP_NAME=Laravel
APP_ENV=production
APP_KEY=base64:7SBUI3aIXlVE9T2igKwVbKC=
APP_DEBUG=true
APP_URL=http://10.5.2.1/chatCars

LOG_CHANNEL=stack
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=localhost123
DB_PORT=3306
DB_DATABASE=itmb
DB_USERNAME=root099
DB_PASSWORD=Ma@22
```

my config/session.php as

```php
<?php

use Illuminate\Support\Str;

return [

    /*
    |--------------------------------------------------------------------------
    | Default Session Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the default session "driver" that will be used on
    | requests. By default, we will use the lightweight native driver but
    | you may specify any of the other wonderful drivers provided here.
    |
    | Supported: "file", "cookie", "database", "apc",
    |            "memcached", "redis", "dynamodb", "array"
    |
    */

    'driver' => env('SESSION_DRIVER', 'file'),

    /*
    |--------------------------------------------------------------------------
    | Session Lifetime
    |--------------------------------------------------------------------------
    |
    | Here you may specify the number of minutes that you wish the session
    | to be allowed to remain idle before it expires. If you want them
    | to immediately expire on the browser closing, set that option.
    |
    */

    'lifetime' => env('SESSION_LIFETIME', 'Session'),

    'expire_on_close' => true,


    /*
    |--------------------------------------------------------------------------
    | Session Encryption
    |--------------------------------------------------------------------------
    |
    | This option allows you to easily specify that all of your session data
    | should be encrypted before it is stored. All encryption will be run
    | automatically by Laravel and you can use the Session like normal.
    |
    */

    'encrypt' => false,

    /*
    |--------------------------------------------------------------------------
    | Session File Location
    |--------------------------------------------------------------------------
    |
    | When using the native session driver, we need a location where session
    | files may be stored. A default has been set for you but a different
    | location may be specified. This is only needed for file sessions.
    |
    */

    'files' => storage_path('framework/sessions'),

    /*
    |--------------------------------------------------------------------------
    | Session Database Connection
    |--------------------------------------------------------------------------
    |
    | When using the "database" or "redis" session drivers, you may specify a
    | connection that should be used to manage these sessions. This should
    | correspond to a connection in your database configuration options.
    |
    */

    'connection' => env('SESSION_CONNECTION'),

    /*
    |--------------------------------------------------------------------------
    | Session Database Table
    |--------------------------------------------------------------------------
    |
    | When using the "database" session driver, you may specify the table we
    | should use to manage the sessions. Of course, a sensible default is
    | provided for you; however, you are free to change this as needed.
    |
    */

    'table' => 'sessions',

    /*
    |--------------------------------------------------------------------------
    | Session Cache Store
    |--------------------------------------------------------------------------
    |
    | While using one of the framework's cache driven session backends you may
    | list a cache store that should be used for these sessions. This value
    | must match with one of the application's configured cache "stores".
    |
    | Affects: "apc", "dynamodb", "memcached", "redis"
    |
    */

    'store' => env('SESSION_STORE'),
    'session_cookie_domain' => null,

    /*
    |--------------------------------------------------------------------------
    | Session Sweeping Lottery
    |--------------------------------------------------------------------------
    |
    | Some session drivers must manually sweep their storage location to get
    | rid of old sessions from storage. Here are the chances that it will
    | happen on a given request. By default, the odds are 2 out of 100.
    |
    */

    'lottery' => [2, 100],

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Name
    |--------------------------------------------------------------------------
    |
    | Here you may change the name of the cookie used to identify a session
    | instance by ID. The name specified here will get used every time a
    | new session cookie is created by the framework for every driver.
    |
    */

    'cookie' => env(
        'SESSION_COOKIE',
        Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
    ),

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Path
    |--------------------------------------------------------------------------
    |
    | The session cookie path determines the path for which the cookie will
    | be regarded as available. Typically, this will be the root path of
    | your application but you are free to change this when necessary.
    |
    */

    'path' => '/',

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Domain
    |--------------------------------------------------------------------------
    |
    | Here you may change the domain of the cookie used to identify a session
    | in your application. This will determine which domains the cookie is
    | available to in your application. A sensible default has been set.
    |
    */

    'domain' => env('SESSION_DOMAIN'),

    /*
    |--------------------------------------------------------------------------
    | HTTPS Only Cookies
    |--------------------------------------------------------------------------
    |
    | By setting this option to true, session cookies will only be sent back
    | to the server if the browser has a HTTPS connection. This will keep
    | the cookie from being sent to you when it can't be done securely.
    |
    */

    'secure' => env('SESSION_SECURE_COOKIE'),

    /*
    |--------------------------------------------------------------------------
    | HTTP Access Only
    |--------------------------------------------------------------------------
    |
    | Setting this value to true will prevent JavaScript from accessing the
    | value of the cookie and the cookie will only be accessible through
    | the HTTP protocol. You are free to modify this option if needed.
    |
    */

    'http_only' => true,

    /*
    |--------------------------------------------------------------------------
    | Same-Site Cookies
    |--------------------------------------------------------------------------
    |
    | This option determines how your cookies behave when cross-site requests
    | take place, and can be used to mitigate CSRF attacks. By default, we
    | will set this value to "lax" since this is a secure default value.
    |
    | Supported: "lax", "strict", "none", null
    |
    */

    'same_site' => 'lax',

];
```

Hope it helps someone. N.B. Final point in .env file:

SESSION_SECURE_COOKIE=false

After HTTPS only, make it true. Else 'laravel_session' will not be "Session".

Thanks

Anes P A

Last updated by @flipmedia 1 year ago.
0
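A way to check the outcome this thread is after, as an added example that is not code from any of the posts: a plain-PHP script that reads `Set-Cookie` header values and reports whether each cookie is a browser-session cookie or a persistent one, plus which of Secure/HttpOnly/SameSite are absent. The header lines are constructed samples with placeholder values, and the function names `parseSetCookie` and `auditCookie` are hypothetical.

```php
<?php
// Added example, not code from the thread. Header values are constructed
// samples shaped like Laravel responses; PLACEHOLDER stands in for real values.

/** Split one Set-Cookie header value into its name and a lowercase attribute map. */
function parseSetCookie(string $header): array
{
    $parts = array_map('trim', explode(';', $header));
    $name = explode('=', array_shift($parts), 2)[0];
    $attrs = [];
    foreach (array_filter($parts, 'strlen') as $part) {
        $kv = explode('=', $part, 2);
        $attrs[strtolower(trim($kv[0]))] = $kv[1] ?? true;
    }
    return [$name, $attrs];
}

/** Report lifetime type and missing hardening attributes for one cookie. */
function auditCookie(string $header): string
{
    [$name, $a] = parseSetCookie($header);
    // Without Expires or Max-Age the browser treats it as a session cookie.
    if (isset($a['max-age'])) {
        $life = 'persistent, Max-Age=' . (int) $a['max-age'] . 's';
    } elseif (isset($a['expires'])) {
        $life = 'persistent, Expires=' . $a['expires'];
    } else {
        $life = 'session cookie';
    }
    // XSRF-TOKEN is read by client-side JavaScript, so HttpOnly is not expected on it.
    $wanted = $name === 'XSRF-TOKEN' ? ['secure', 'samesite'] : ['secure', 'httponly', 'samesite'];
    $missing = array_values(array_diff($wanted, array_keys($a)));
    return sprintf('%-16s %-28s missing: %s', $name, $life, $missing ? implode(', ', $missing) : 'none');
}

$responses = [
    'lifetime of 120 minutes (constructed)' => [
        'XSRF-TOKEN=PLACEHOLDER; expires=Wed, 01 Jan 2025 02:00:00 GMT; Max-Age=7200; path=/; samesite=lax',
        'laravel_session=PLACEHOLDER; expires=Wed, 01 Jan 2025 02:00:00 GMT; Max-Age=7200; path=/; httponly; samesite=lax',
    ],
    'expire time 0, sent over HTTPS (constructed)' => [
        'XSRF-TOKEN=PLACEHOLDER; path=/; secure; samesite=lax',
        'laravel_session=PLACEHOLDER; path=/; secure; httponly; samesite=lax',
    ],
];
foreach ($responses as $label => $headers) {
    echo $label, PHP_EOL;
    foreach ($headers as $h) {
        echo '  ', auditCookie($h), PHP_EOL;
    }
}
```

To use it on a real deployment, replace the constructed lines with the `Set-Cookie` values your own application returns.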


flipmedia flipmedia Joined 22 Nov 2016
