
Laravel 5.2 persistent session id through login, ok to use _token?

I need to reserve items in my database when a user adds them to his/her basket. I am currently using the session id (Session::getId()); however, this is regenerated at login. Whilst you can shop as a guest, to checkout you must register.

If I take a look at all session variables with $request->session()->all(), I have come across the _token; this looks like a unique string and it does not regenerate at login. I was therefore thinking of using this for my baskets?

Is this safe?

If not, alternatively I would have to generate my own UUIDs in PHP and store them as basket_id or something; this would save me having to do this.

Many thanks in advance.

Okay, so I copy my comment here:

_token is there to defend against CSRF attacks. More here: laravel.com/docs/5.3/csrf

The _token field is unique per request. You can send this token as a request variable or a cookie.

Remember: by default all POST actions need this field (one of the middlewares keeps an eye on this).

You have access to the token value via the csrf_token() function, or csrf_field() to get an HTML input field.

Laravel has a database driver for sessions: https://laravel.com/docs/5.3/session#driver-prerequisites

Using that you can reference the session table in your reserved items table. You will know whether a user is a guest.

You can even see the last activity and base your reserved items on that.
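
An added example, not part of the original posts or Laravel's own code: the question's alternative of a separate basket identifier, kept in session data so that, like the _token the question observed, it survives the session ID regeneration at login while the CSRF secret stays out of database rows. The class name Basket, the basket_id session key, and the reserved_items table with its columns are assumptions made for illustration.

```php
<?php

namespace App;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

// Hypothetical helper (illustration only): one random basket identifier per
// visitor, independent of both the session ID and the CSRF _token.
class Basket
{
    // Hypothetical session key, not a Laravel built-in.
    const SESSION_KEY = 'basket_id';

    // Return the visitor's basket id, creating it on first use.
    public static function id(Request $request)
    {
        $session = $request->session();

        if (! $session->has(self::SESSION_KEY)) {
            // 128 bits from the CSPRNG, hex-encoded. random_bytes() is
            // native in PHP 7 and polyfilled by paragonie/random_compat,
            // which Laravel 5.2 requires.
            $session->put(self::SESSION_KEY, bin2hex(random_bytes(16)));
        }

        return $session->get(self::SESSION_KEY);
    }

    // Reserve an item against the basket. The reserved_items table and its
    // columns are assumed for this example.
    public static function reserve(Request $request, $itemId, $quantity)
    {
        $user = $request->user(); // null while shopping as a guest

        DB::table('reserved_items')->insert([
            'basket_id'   => self::id($request),
            'item_id'     => (int) $itemId,
            'quantity'    => (int) $quantity,
            'user_id'     => $user ? $user->getAuthIdentifier() : null,
            'reserved_at' => date('Y-m-d H:i:s'),
        ]);
    }
}
```

Call Basket::reserve($request, $itemId, $quantity) from a route that runs the session middleware; the same basket_id is returned before and after login, so guest reservations carry over to the registered user.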
