HTTP Session Tutorial in Laravel 8
Session: We can set session data in two ways.
i. Global session helper: session(['key' => 'value'])
ii. Via a Request instance: $request->session()->put('key', 'value')
We can also get session data in two ways:
Global session helper: session('key')
Via a Request instance: $request->session()->get('key');
Retrieve all session data:
$request->session()->all();
Result:
{"key":"value","_token":"KHQeOmBtAjxXeBJ2blh6JD1T6G5leGP1Xo6kU81F","_previous":{"url":"http:\/\/127.0.0.1:8000"},"_flash":{"old":[],"new":[]}}
Next, we check whether an item exists.
In a route, set some keys in the session using the global session helper:
session(['key' => 'value']);
session(['users' => null]);
The has method returns true if the item is present in the session and its value is not null.
if ($request->session()->has('users')) {
    return $request->session()->get('users');
} else if ($request->session()->has('key')) {
    return $request->session()->get('key');
}
The result will be "value", because has returns false when a key's value is null. We can also do this with the exists method:
if ($request->session()->exists('users')) {
    return "User :" . $request->session()->get('users');
} else if ($request->session()->exists('key')) {
    return "Key :" . $request->session()->get('key');
}
But this time the result will come from the 'users' key, because exists returns true even if the key's value is null.
Missing Method:
Using missing with the session, we can determine whether a key is missing:
if ($request->session()->missing('kkk')) {
    return 'missing';
}
Setting and getting a new value in the session using put:
$request->session()->put('key2', 'val2');
return $request->session()->pull('key2');
But
$request->session()->put('key2', 'val2');
$request->session()->pull('key2');
if ($request->session()->has('key2')) {
    return 'user';
} else {
    return 'missing key2';
}
The result will be 'missing key2', as pull not only retrieves the key but also deletes it.
Incrementing and decrementing:
We can increment and decrement a session value:
echo $request->session()->increment('key5');   // 1
echo $request->session()->increment('key5');   // 2
return $request->session()->decrement('key5'); // 1
The result will be 1 for the first statement, 2 for the second statement and 1 for the last statement.
Note: When we use increment or decrement, it will automatically set the session value for us.
Flash Data: If we want data to be available only for the next request, we have to save it using flash.
$request->session()->flash('key', 'val');
Deleting Session data:
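$request->session()->forget('key');
To remove all data we have to use flush():
$request->session()->flush();
Session Fixation: Session fixation is an attack in which the attacker gets a victim to use a session ID the attacker already knows, and then hijacks that valid session once the victim has logged in.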
Regenerating The session ID:
To prevent session fixation we have to regenerate the session ID. Laravel automatically regenerates the session ID during authentication when we use one of the Laravel application starter kits or Laravel Fortify. Otherwise we have to do it manually:
$request->session()->regenerate();
We can also regenerate the session ID and remove all session data at the same time using the code below:
$request->session()->invalidate();
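Where regenerate() and invalidate() belong in a hand-written login flow, as an added example that is not part of the original tutorial. The controller name, the form fields and the '/dashboard' route are assumptions.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

// Hypothetical controller for a manual login flow (no starter kit or Fortify).
class LoginController extends Controller
{
    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required'],
        ]);

        if (Auth::attempt($credentials)) {
            // Issue a new session ID right after the privilege change.
            // A session ID planted before login no longer identifies the
            // authenticated session; existing session data is kept.
            $request->session()->regenerate();

            return redirect()->intended('/dashboard'); // assumed route
        }

        // Failed login: session ID and data stay as they were.
        return back()->withErrors([
            'email' => 'The provided credentials do not match our records.',
        ]);
    }

    public function logout(Request $request)
    {
        Auth::logout();

        // Remove all session data and issue a new session ID, so the old
        // ID cannot be reused after logout.
        $request->session()->invalidate();

        // Issue a fresh CSRF token for the new, empty session.
        $request->session()->regenerateToken();

        return redirect('/');
    }
}
```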