Support the ongoing development of Laravel.io →

Forum
Articles
Pastebin
- Discord
- Larachat
- IRC
- Laravel
- Laracasts
- Laravel News
- Podcast
- Ecosystem

Forum Does the CSRF-Token have to be a Cookie?

posted 3 weeks ago

Security Session

Security Session

Last updated by @mawe4585 3 weeks ago.

0

replied 2 weeks ago

According to the docs, it is only included as a convenience to the developer and not needed. You can just rely on the header instead and override the ValidateCsrfToken to not send the http cookie: protected $addHttpCookie = true;

0

Sign in to participate in this thread!

PHPverse

Your banner here too?

Martin Weber mawe4585 Joined 27 May 2025

Moderators

driesvints Joined 16 Dec 2013
joedixon Joined 23 Jun 2014
tvbeek Joined 8 Jan 2018

We'd like to thank these amazing companies for supporting us

PhpStorm

NativePHP

Fathom

Forge

Envoyer

Beyond Code

BairesDev

N-iX

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

(Twitter) Bluesky GitHub

The community

Laravel

Laravel News

Laracasts

Laravel Podcast

Laravel Podcast

© 2025 Laravel.io - All rights reserved.

Terms of service Privacy policy Advertise