Laravel - what to use as session ID?











up vote
1
down vote

favorite












Im getting into laravel for backend purposes. I've noticed that there are several ID's provided by Laravel and I have no idea which one to use. When using "$request->session()->token();" it shows me an ID called _token. Then there's a Cookie token called laravel_session and apparently a 3rd one, consisting of numbers only, "session()->getId()". Which one is the one to use now?










share|improve this question


















  • 3




    You just read and write to the session, you don't need to know what the session ID is. The PHP constant SID will always give it to you.
    – miken32
    Nov 10 at 22:53










  • Im using AngularJS in the frontend so I need to set the SessionID at the login. My question however is, which one?
    – Konstantin Schlegel
    Nov 10 at 23:01






  • 1




    Your frontend does not need to know the session ID at all, that's got nothing to do with the frontend regardless of the framework you're using.
    – Stephen Lake
    Nov 10 at 23:55










  • Then how am I gonna verify SQL Queries that are meant for a specific user only?
    – Konstantin Schlegel
    Nov 11 at 0:12










  • @KonstantinSchlegel I think you need a tutorial on authentication and a little bit of information on frontend versus backend. Seems like you're mixing up your logic. The frontend doesn't do any SQL queries nor does it handle sessions at all. Best you google some tuts, there are many available.
    – Stephen Lake
    Nov 11 at 0:22

















up vote
1
down vote

favorite












Im getting into laravel for backend purposes. I've noticed that there are several ID's provided by Laravel and I have no idea which one to use. When using "$request->session()->token();" it shows me an ID called _token. Then there's a Cookie token called laravel_session and apparently a 3rd one, consisting of numbers only, "session()->getId()". Which one is the one to use now?










share|improve this question


















  • 3




    You just read and write to the session, you don't need to know what the session ID is. The PHP constant SID will always give it to you.
    – miken32
    Nov 10 at 22:53










  • Im using AngularJS in the frontend so I need to set the SessionID at the login. My question however is, which one?
    – Konstantin Schlegel
    Nov 10 at 23:01






  • 1




    Your frontend does not need to know the session ID at all, that's got nothing to do with the frontend regardless of the framework you're using.
    – Stephen Lake
    Nov 10 at 23:55










  • Then how am I gonna verify SQL Queries that are meant for a specific user only?
    – Konstantin Schlegel
    Nov 11 at 0:12










  • @KonstantinSchlegel I think you need a tutorial on authentication and a little bit of information on frontend versus backend. Seems like you're mixing up your logic. The frontend doesn't do any SQL queries nor does it handle sessions at all. Best you google some tuts, there are many available.
    – Stephen Lake
    Nov 11 at 0:22















up vote
1
down vote

favorite









up vote
1
down vote

favorite











Im getting into laravel for backend purposes. I've noticed that there are several ID's provided by Laravel and I have no idea which one to use. When using "$request->session()->token();" it shows me an ID called _token. Then there's a Cookie token called laravel_session and apparently a 3rd one, consisting of numbers only, "session()->getId()". Which one is the one to use now?










share|improve this question













Im getting into laravel for backend purposes. I've noticed that there are several ID's provided by Laravel and I have no idea which one to use. When using "$request->session()->token();" it shows me an ID called _token. Then there's a Cookie token called laravel_session and apparently a 3rd one, consisting of numbers only, "session()->getId()". Which one is the one to use now?







php laravel






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 10 at 22:51









Konstantin Schlegel

204




204








  • 3




    You just read and write to the session, you don't need to know what the session ID is. The PHP constant SID will always give it to you.
    – miken32
    Nov 10 at 22:53










  • Im using AngularJS in the frontend so I need to set the SessionID at the login. My question however is, which one?
    – Konstantin Schlegel
    Nov 10 at 23:01






  • 1




    Your frontend does not need to know the session ID at all, that's got nothing to do with the frontend regardless of the framework you're using.
    – Stephen Lake
    Nov 10 at 23:55










  • Then how am I gonna verify SQL Queries that are meant for a specific user only?
    – Konstantin Schlegel
    Nov 11 at 0:12










  • @KonstantinSchlegel I think you need a tutorial on authentication and a little bit of information on frontend versus backend. Seems like you're mixing up your logic. The frontend doesn't do any SQL queries nor does it handle sessions at all. Best you google some tuts, there are many available.
    – Stephen Lake
    Nov 11 at 0:22
















  • 3




    You just read and write to the session, you don't need to know what the session ID is. The PHP constant SID will always give it to you.
    – miken32
    Nov 10 at 22:53










  • Im using AngularJS in the frontend so I need to set the SessionID at the login. My question however is, which one?
    – Konstantin Schlegel
    Nov 10 at 23:01






  • 1




    Your frontend does not need to know the session ID at all, that's got nothing to do with the frontend regardless of the framework you're using.
    – Stephen Lake
    Nov 10 at 23:55










  • Then how am I gonna verify SQL Queries that are meant for a specific user only?
    – Konstantin Schlegel
    Nov 11 at 0:12










  • @KonstantinSchlegel I think you need a tutorial on authentication and a little bit of information on frontend versus backend. Seems like you're mixing up your logic. The frontend doesn't do any SQL queries nor does it handle sessions at all. Best you google some tuts, there are many available.
    – Stephen Lake
    Nov 11 at 0:22










3




3




You just read and write to the session, you don't need to know what the session ID is. The PHP constant SID will always give it to you.
– miken32
Nov 10 at 22:53




You just read and write to the session, you don't need to know what the session ID is. The PHP constant SID will always give it to you.
– miken32
Nov 10 at 22:53












Im using AngularJS in the frontend so I need to set the SessionID at the login. My question however is, which one?
– Konstantin Schlegel
Nov 10 at 23:01




Im using AngularJS in the frontend so I need to set the SessionID at the login. My question however is, which one?
– Konstantin Schlegel
Nov 10 at 23:01




1




1




Your frontend does not need to know the session ID at all, that's got nothing to do with the frontend regardless of the framework you're using.
– Stephen Lake
Nov 10 at 23:55




Your frontend does not need to know the session ID at all, that's got nothing to do with the frontend regardless of the framework you're using.
– Stephen Lake
Nov 10 at 23:55












Then how am I gonna verify SQL Queries that are meant for a specific user only?
– Konstantin Schlegel
Nov 11 at 0:12




Then how am I gonna verify SQL Queries that are meant for a specific user only?
– Konstantin Schlegel
Nov 11 at 0:12












@KonstantinSchlegel I think you need a tutorial on authentication and a little bit of information on frontend versus backend. Seems like you're mixing up your logic. The frontend doesn't do any SQL queries nor does it handle sessions at all. Best you google some tuts, there are many available.
– Stephen Lake
Nov 11 at 0:22






@KonstantinSchlegel I think you need a tutorial on authentication and a little bit of information on frontend versus backend. Seems like you're mixing up your logic. The frontend doesn't do any SQL queries nor does it handle sessions at all. Best you google some tuts, there are many available.
– Stephen Lake
Nov 11 at 0:22














1 Answer
1






active

oldest

votes

















up vote
0
down vote



accepted










session()->getId() is the correct session ID.



$request->session()->token() returns the CSRF token, not the session ID.
The laravel_session cookie may be encrypted if you're using the middleware.






share|improve this answer





















  • How come $request->session()->token() 's ID doesn't show up when using ->all()?
    – Konstantin Schlegel
    Nov 11 at 0:01










  • Is the CSRF token in the request or in the headers? $request->all does not display headers. It only displays the query params
    – Paras
    Nov 11 at 0:03












  • request()->all() displays all form input including query parameters not just query parameters. Though, I'm not seeing the relevance there, that's got nothing to do with the question. request->session()->token() isn't a collection and even so, this question is bogus and this answer encourages using Laravel very poorly.
    – Stephen Lake
    Nov 11 at 0:33












  • @snh that's a load! This is a straightforward answer to how to get the session ID. If it's such a bad thing to get the session ID why don't you submit a PR to the framework to make it a protected method?
    – Paras
    Nov 11 at 0:47










  • To your comment on all form input, you are correct and I stand corrected.
    – Paras
    Nov 11 at 0:49











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53244202%2flaravel-what-to-use-as-session-id%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
0
down vote



accepted










session()->getId() is the correct session ID.



$request->session()->token() returns the CSRF token, not the session ID.
The laravel_session cookie may be encrypted if you're using the middleware.






share|improve this answer





















  • How come $request->session()->token() 's ID doesn't show up when using ->all()?
    – Konstantin Schlegel
    Nov 11 at 0:01










  • Is the CSRF token in the request or in the headers? $request->all does not display headers. It only displays the query params
    – Paras
    Nov 11 at 0:03












  • request()->all() displays all form input including query parameters not just query parameters. Though, I'm not seeing the relevance there, that's got nothing to do with the question. request->session()->token() isn't a collection and even so, this question is bogus and this answer encourages using Laravel very poorly.
    – Stephen Lake
    Nov 11 at 0:33












  • @snh that's a load! This is a straightforward answer to how to get the session ID. If it's such a bad thing to get the session ID why don't you submit a PR to the framework to make it a protected method?
    – Paras
    Nov 11 at 0:47










  • To your comment on all form input, you are correct and I stand corrected.
    – Paras
    Nov 11 at 0:49















up vote
0
down vote



accepted










session()->getId() is the correct session ID.



$request->session()->token() returns the CSRF token, not the session ID.
The laravel_session cookie may be encrypted if you're using the middleware.






share|improve this answer





















  • How come $request->session()->token() 's ID doesn't show up when using ->all()?
    – Konstantin Schlegel
    Nov 11 at 0:01










  • Is the CSRF token in the request or in the headers? $request->all does not display headers. It only displays the query params
    – Paras
    Nov 11 at 0:03












  • request()->all() displays all form input including query parameters not just query parameters. Though, I'm not seeing the relevance there, that's got nothing to do with the question. request->session()->token() isn't a collection and even so, this question is bogus and this answer encourages using Laravel very poorly.
    – Stephen Lake
    Nov 11 at 0:33












  • @snh that's a load! This is a straightforward answer to how to get the session ID. If it's such a bad thing to get the session ID why don't you submit a PR to the framework to make it a protected method?
    – Paras
    Nov 11 at 0:47










  • To your comment on all form input, you are correct and I stand corrected.
    – Paras
    Nov 11 at 0:49













up vote
0
down vote



accepted







up vote
0
down vote



accepted






session()->getId() is the correct session ID.



$request->session()->token() returns the CSRF token, not the session ID.
The laravel_session cookie may be encrypted if you're using the middleware.






share|improve this answer












session()->getId() is the correct session ID.



$request->session()->token() returns the CSRF token, not the session ID.
The laravel_session cookie may be encrypted if you're using the middleware.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 10 at 23:55









Paras

5,392735




5,392735












  • How come $request->session()->token() 's ID doesn't show up when using ->all()?
    – Konstantin Schlegel
    Nov 11 at 0:01










  • Is the CSRF token in the request or in the headers? $request->all does not display headers. It only displays the query params
    – Paras
    Nov 11 at 0:03












  • request()->all() displays all form input including query parameters not just query parameters. Though, I'm not seeing the relevance there, that's got nothing to do with the question. request->session()->token() isn't a collection and even so, this question is bogus and this answer encourages using Laravel very poorly.
    – Stephen Lake
    Nov 11 at 0:33












  • @snh that's a load! This is a straightforward answer to how to get the session ID. If it's such a bad thing to get the session ID why don't you submit a PR to the framework to make it a protected method?
    – Paras
    Nov 11 at 0:47










  • To your comment on all form input, you are correct and I stand corrected.
    – Paras
    Nov 11 at 0:49


















  • How come $request->session()->token() 's ID doesn't show up when using ->all()?
    – Konstantin Schlegel
    Nov 11 at 0:01










  • Is the CSRF token in the request or in the headers? $request->all does not display headers. It only displays the query params
    – Paras
    Nov 11 at 0:03












  • request()->all() displays all form input including query parameters not just query parameters. Though, I'm not seeing the relevance there, that's got nothing to do with the question. request->session()->token() isn't a collection and even so, this question is bogus and this answer encourages using Laravel very poorly.
    – Stephen Lake
    Nov 11 at 0:33












  • @snh that's a load! This is a straightforward answer to how to get the session ID. If it's such a bad thing to get the session ID why don't you submit a PR to the framework to make it a protected method?
    – Paras
    Nov 11 at 0:47










  • To your comment on all form input, you are correct and I stand corrected.
    – Paras
    Nov 11 at 0:49
















How come $request->session()->token() 's ID doesn't show up when using ->all()?
– Konstantin Schlegel
Nov 11 at 0:01




How come $request->session()->token() 's ID doesn't show up when using ->all()?
– Konstantin Schlegel
Nov 11 at 0:01












Is the CSRF token in the request or in the headers? $request->all does not display headers. It only displays the query params
– Paras
Nov 11 at 0:03






Is the CSRF token in the request or in the headers? $request->all does not display headers. It only displays the query params
– Paras
Nov 11 at 0:03














request()->all() displays all form input including query parameters not just query parameters. Though, I'm not seeing the relevance there, that's got nothing to do with the question. request->session()->token() isn't a collection and even so, this question is bogus and this answer encourages using Laravel very poorly.
– Stephen Lake
Nov 11 at 0:33






request()->all() displays all form input including query parameters not just query parameters. Though, I'm not seeing the relevance there, that's got nothing to do with the question. request->session()->token() isn't a collection and even so, this question is bogus and this answer encourages using Laravel very poorly.
– Stephen Lake
Nov 11 at 0:33














@snh that's a load! This is a straightforward answer to how to get the session ID. If it's such a bad thing to get the session ID why don't you submit a PR to the framework to make it a protected method?
– Paras
Nov 11 at 0:47




@snh that's a load! This is a straightforward answer to how to get the session ID. If it's such a bad thing to get the session ID why don't you submit a PR to the framework to make it a protected method?
– Paras
Nov 11 at 0:47












To your comment on all form input, you are correct and I stand corrected.
– Paras
Nov 11 at 0:49




To your comment on all form input, you are correct and I stand corrected.
– Paras
Nov 11 at 0:49


















 

draft saved


draft discarded



















































 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53244202%2flaravel-what-to-use-as-session-id%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Florida Star v. B. J. F.

Danny Elfman

Lugert, Oklahoma