Support the ongoing development of Laravel.io →
posted 9 years ago
Session
Last updated 2 years ago.
0

If you choose the file session driver, your session data will be saved in the app/storage/sessions folder on the server. Otherwise, the data will be (encrypted) in the user cookies.

http://laravel.com/docs/5.0/session#session-drivers

0

Well, but why I would want to create a lot of file in that folder if the data could be stored on the user's pc?

0

User cookies have an upper limit of 4KB.. also remember that the cookie needs to be transmitted to and from the server on every request (potentially adding to the latency). Finally, cookies are stored on the client.. so there is a potential for exploitation (although encryption makes it secure.. for now.)

File based sessions have no size limits, and are more secure (they are stored on server and so are tamper proof). There is the problem of increased file IO.. but this is the preferred approach.

Note that session files created by Laravel get cleaned up automatically on garbage collection: https://github.com/illuminate/session/blob/master/FileSessionHandler.php#L94

Last updated 9 years ago.
0

I would like to add that, given the truth behind what @mnshankar said about the security of filesystem-based sessions, it comes at a cost. Imagine you have your application deployed on two different servers load balanced by a load balancer in-front of them, the session will be physically existing on one of the servers only and if the load balancer redirects the user to the other server where the session does not exist, you will be facing unpredicted behaviour since the second server won't be able to locate the session locally on a file. Just be careful when using them.

0

So even if you choose file session, isn't a cookie created to handle the session id?

valentino-emirlike liked this reply

1

Sign in to participate in this thread!

Eventy

Your banner here too?

lovePizza lovepizza Joined 13 Mar 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.