I would use the database session driver. Even though pricing on GCS seems to be free for ingress/egress within the cloud, I would be worried about unexpected fees for accessing GCS on every request.
The other option is to just trust the encryption of the default session cookies and use a fat session cookie. Or implement your own fat session cookie with JWT.
(Note that if GCS doesn't support file locking then both the file and database solutions have concurrency problems where you can lose session data.)
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast