I'm building an application which has a public facing "landing page" that is rendered using data from the database.
To do so I'd like to use Laravel Folio (running on Laravel 12). I noticed that even though it's not needed, Laravel will set session and XSRF cookies in responses from the public part of the application. I would like to remove these.
My FolioServiceProvider does not define any middleware:
public function boot(): void
{
Folio::path(resource_path('views/pages'))->middleware([
'*' => [
//
],
])->uri('/');
}
and I don't edit anything in bootstrap/app.php:
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
commands: __DIR__.'/../routes/console.php',
web: __DIR__.'/../routes/web.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
//
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
Searching the web, I found advice on removing StartSession middleware from the middleware stack, however when I do that:
$middleware->remove([
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Session\Middleware\StartSession::class,
]);
a 500 error complaining about how there is no session is raised:
Session store not set on request.
which seems to originate in the (previously removed?) VerifyCsrfToken middleware trying to access the request's session.
I have a hard time understanding how middleware is being stacked in this combo, especially since this is my first time using Folio and Laravel version 12 (middleware defintion worked differently before).
Ideally, I'd like to come to a point where everything routed through Folio does not pass any middleware, but removing sessions would be a good start also.
I'm building an application which has a public facing "landing page" that is rendered using data from the database.
To do so I'd like to use Laravel Folio (running on Laravel 12). I noticed that even though it's not needed, Laravel will set session and XSRF cookies in responses from the public part of the application. I would like to remove these.
My FolioServiceProvider does not define any middleware:
public function boot(): void
{
Folio::path(resource_path('views/pages'))->middleware([
'*' => [
//
],
])->uri('/');
}
and I don't edit anything in bootstrap/app.php:
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
commands: __DIR__.'/../routes/console.php',
web: __DIR__.'/../routes/web.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
//
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
Searching the web, I found advice on removing StartSession middleware from the middleware stack, however when I do that:
$middleware->remove([
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Session\Middleware\StartSession::class,
]);
a 500 error complaining about how there is no session is raised:
Session store not set on request.
which seems to originate in the (previously removed?) VerifyCsrfToken middleware trying to access the request's session.
I have a hard time understanding how middleware is being stacked in this combo, especially since this is my first time using Folio and Laravel version 12 (middleware defintion worked differently before).
Ideally, I'd like to come to a point where everything routed through Folio does not pass any middleware, but removing sessions would be a good start also.
Share Improve this question asked Mar 27 at 21:04 m90m90 11.8k15 gold badges67 silver badges119 bronze badges1 Answer
Reset to default 0You can create a middleware to set the session into the array driver like this.
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Config;
use Laravel\Folio\Folio;
public function boot(): void
{
Folio::path(resource_path('views/pages'))->middleware([
'*' => [
function (Request $request, Closure $next) {
Config::set('session.driver', 'array');
return $next($request);
},
],
])->uri('/');
}
When you set the session.driver to array, the session will not be persisted as mentioned here in the laravel docs.
This will skip saving the session into your storage/framework/session directory, or into your sessions table (depending on your SESSION_DRIVER environment) which will free up your storage space.
Hopefully this helps.