Matt The Ninja - 1 month ago
PHP Question

Laravel 5.2 persistent session id through login, ok to use _token?

I need to reserve items in my database when a user adds them to his/her basket. I am currently using the session id (Session::getId()), however this is regenerated at login. Whilst you can shop as a guest, to check out you must register.

If I take a look at all session variables with $request->session()->all(), I come across the _token. This looks like a unique string and it does not regenerate at login, so I was thinking of using this for my baskets?

Is this safe?

If not, alternatively I would have to generate my own UUIDs in PHP and store them as basket_id or something; this would save me having to do this.

Many thanks in advance.

Answer

Okay, so I copy my comment here:

_token is there to defend against CSRF attacks. More here: laravel.com/docs/5.3/csrf

The _token field is unique per request. You can send this token as a request variable or cookie.

Remember - by default all POST actions need this field (one of the middlewares keeps an eye on this).

You have access to the token value via the csrf_token() function - or csrf_field() to get an HTML input field.
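
The alternative the question mentions (a self-generated basket_id), sketched as an added example that is not code from the question or the answer. It keeps the identifier in the session data, where the question observes values are kept through login, and it never reuses the CSRF token as a database key. The class name, namespace and the Reservation model in the comment are hypothetical.

```php
<?php

namespace App\Support; // hypothetical namespace

use Illuminate\Support\Str;

/**
 * Added example (hypothetical helper, not part of the original thread).
 * Holds a dedicated basket identifier in the session payload, separate
 * from both the session ID and the CSRF _token.
 */
class BasketId
{
    // Session key; the name basket_id is taken from the question.
    const SESSION_KEY = 'basket_id';

    /**
     * Return this visitor's basket id, creating one on first use.
     */
    public static function current()
    {
        $id = session()->get(self::SESSION_KEY);

        // Accept only the format generated below; replace anything else.
        if (!is_string($id) || !preg_match('/\A[A-Za-z0-9]{40}\z/', $id)) {
            // Random value with no relation to _token, so the CSRF secret
            // is never copied into the reservations table.
            $id = Str::random(40);
            session()->put(self::SESSION_KEY, $id);
        }

        return $id;
    }

    /**
     * Drop the id once the order is placed or the basket is emptied.
     */
    public static function forget()
    {
        session()->forget(self::SESSION_KEY);
    }
}

// Usage with a hypothetical Reservation model:
//   Reservation::where('basket_id', BasketId::current())->get();
```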
