Matt The Ninja Matt The Ninja - 1 year ago 146
PHP Question

Laravel 5.2 persistent session id through login, ok to use _token?

I need to reserve items in my database when a user adds them to his/her basket. I am currently using the session id (

) however this is regenerated at login. Whilst you can shop as a guest, to checkout you must register.

If i take a look at all session variables with
i have come across the
, this looks like a unique string and it does not regenerate at login, i was therefore thinking of using this for my baskets?

Is this safe?

If not alternatively i would have to generate my own uuid's in PHP and store them as basket_id or something, this would save me having to do this.

Many thanks in advance.

Answer Source

Okay, so I copy my comment here:

_token is to defend against csrf attack. More here:

_token field is unique per request. You can send this token as request variable or cookie.

Remember - by default all post actions need this field (one of middlewares keep eye on this).

You have access to token value by function csrf_token() - or csrf_field() to get HTML input field.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download