dimanche 29 mars 2020

Laravel - Stop creating/updating laravel session for unauthorized users?

Laravel Version using - 5.4

In laravel when unauthorized user trying to login, a separate session is been created, I want to stop this session value creation and updation for unauthorized users

Ex - When a user trying to access https://www.example.com/login by providing wrong credentials in that case session value is been created and updated.

Session value will create/update for every request - In laravel all request pass through kernal.php Where StartSession is one middleware that is included globally.

app/Http/Kernal.php

/**
     * The application's global HTTP middleware stack.
     *
     * These middleware are run during every request to your application.
     *
     * @var array
     */
    protected $middleware = [
        \Illuminate\Session\Middleware\StartSession::class,
    ];

\Illuminate\Session\Middleware\StartSession::class - having one method.

/**
     * Start the session for the given request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Contracts\Session\Session
     */
    protected function startSession(Request $request)
    {
        return tap($this->getSession($request), function ($session) use ($request) {
            $session->setRequestOnHandler($request);

            $session->start();
        });
    }

which will create a session for every request. I would like to restrict the creation of a session in case of the unauthorized user who is trying "/login" URL & in case of forgot password or with invalid credentials.

Here, session driver, we are using as Redis server

SESSION_DRIVER=redis

As the session is been created for every request - Redis server memory utilization is getting consumed completely because of that I would like to restrict session creation / updation in case of forgot password or with invalid credentials.



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire