I'm developing an application using Laravel 11.8, and due to specific business requirements, different users need to have different session durations. Although the value in the configuration is updated as expected, the session duration still uses the value defined in the .env file.

Here's the middleware:

class SessionLifeTime {
    public function handle(Request $request, Closure $next): Response {
        if (Auth::check()) {
            $user = Auth::user();
            if ($user && isset($user->session_lifetime)) {
                config(['session.lifetime' => $user->session_lifetime]);
            }
        }

        return $next($request);
    }
}

I've read that this middleware needs to be placed before \Illuminate\Session\Middleware\StartSession in app/Http/Kernel.php under the protected $middlewarePriority property. However, since I'm using Laravel 11.8, the app/Http/Kernel.php file no longer exists. Even if it did, this wouldn't help because \Illuminate\Session\Middleware\StartSession is required for Illuminate\Support\Facades\Auth to work.

ChatGPT suggested the following:

class SessionLifeTime {
    public function handle(Request $request, Closure $next): Response {
        if (Auth::check()) {
            $user = Auth::user();

            if ($user && isset($user->session_lifetime)) {
                config(['session.lifetime' => $user->session_lifetime]);

                $cookieName = config('session.cookie');
                $sessionId = Cookie::get($cookieName);

                if ($sessionId) {
                    Cookie::queue(Cookie::make(
                        $cookieName,
                        $sessionId,
                        $user->session_lifetime
                    ));
                }
            }
        }

        return $next($request);
    }
}

However, this solution also does not work. I suppose I need to edit the Cookie's so that the session duration is changed, but I don't know how to approach it.

I'm developing an application using Laravel 11.8, and due to specific business requirements, different users need to have different session durations. Although the value in the configuration is updated as expected, the session duration still uses the value defined in the .env file.

Here's the middleware:

class SessionLifeTime {
    public function handle(Request $request, Closure $next): Response {
        if (Auth::check()) {
            $user = Auth::user();
            if ($user && isset($user->session_lifetime)) {
                config(['session.lifetime' => $user->session_lifetime]);
            }
        }

        return $next($request);
    }
}

I've read that this middleware needs to be placed before \Illuminate\Session\Middleware\StartSession in app/Http/Kernel.php under the protected $middlewarePriority property. However, since I'm using Laravel 11.8, the app/Http/Kernel.php file no longer exists. Even if it did, this wouldn't help because \Illuminate\Session\Middleware\StartSession is required for Illuminate\Support\Facades\Auth to work.

ChatGPT suggested the following:

class SessionLifeTime {
    public function handle(Request $request, Closure $next): Response {
        if (Auth::check()) {
            $user = Auth::user();

            if ($user && isset($user->session_lifetime)) {
                config(['session.lifetime' => $user->session_lifetime]);

                $cookieName = config('session.cookie');
                $sessionId = Cookie::get($cookieName);

                if ($sessionId) {
                    Cookie::queue(Cookie::make(
                        $cookieName,
                        $sessionId,
                        $user->session_lifetime
                    ));
                }
            }
        }

        return $next($request);
    }
}

However, this solution also does not work. I suppose I need to edit the Cookie's so that the session duration is changed, but I don't know how to approach it.

• php
• laravel
• session

• What cache driver are you using? – apokryfos Commented Jan 18 at 17:16
• I'm using the 'database' cache driver. – Łukasz Przybylski Commented Jan 18 at 18:26

1 Answer 1

I figured it out. Laravel stores the session ID in a cookie named env('APP_NAME').'_session'. However, env('APP_NAME') is converted to lowercase, and spaces are replaced with underscores. At least that's how my application's APP_NAME was transformed. There might be more to it.

The solution to the problem looks like this:

class SessionLifeTime {
    public function handle(Request $request, Closure $next): Response {
        if (Auth::check()) {
            $user = Auth::user();
            if ($user && isset($user->session_lifetime)) {
                config(['session.lifetime' => $user->session_lifetime]);
            }

            $cookieName = strtolower(str_replace(' ', '_', config('app.name', 'app'))).'_session';
            $expiration = now()->addMinutes(config('session.lifetime'));

            $cookieValue = $request->cookie($cookieName);
            if ($cookieValue) {
                Cookie::make($cookieName, $cookieValue, $expiration->diffInMinutes());
            }
        }

        return $next($request);
    }
}

After setting the new session.lifetime in the config, we locate the cookie containing the session ID. Then, we set its expiration time to now() + session.lifetime and its value to the value of the old cookie.

It's important that this middleware runs first. In my case, all routes in the /routes/web.php file are wrapped in:

Route::middleware([SessionLifeTime::class])->group(function () {