@rolandstarke
Last active March 8, 2023 20:07
Laravel less Cookies in Response

Laravel sends the session cookie and the CSRF (XSRF-TOKEN) cookie in every response. That is additional traffic that is not needed. With these changes the session cookie and the CSRF cookie are not resent to the client on every response if they have not changed, but at least once an hour so they do not expire on the client side. Keep COOKIE_RESEND_INTERVAL below the configured session lifetime (`session.lifetime`, in minutes); otherwise the browser drops the cookie before it is refreshed.

Replace `\Illuminate\Session\Middleware\StartSession::class` with `\App\Http\Middleware\StartSession::class` in the HTTP kernel's middleware configuration.

```php
<?php

namespace App\Http\Middleware;

use Illuminate\Contracts\Session\Session;
use Symfony\Component\HttpFoundation\Response;

class StartSession extends \Illuminate\Session\Middleware\StartSession
{
    /**
     * After how many seconds the cookie should be resent to the client.
     */
    const COOKIE_RESEND_INTERVAL = 3600;

    /**
     * The current request, kept so addCookieToResponse() can compare
     * the session id against the cookie the client actually sent.
     */
    protected $request;

    public function handle($request, \Closure $next)
    {
        $this->request = $request;

        return parent::handle($request, $next);
    }

    /**
     * Add the session cookie to the application response,
     * but only if it was not set recently (reduces cookie encryption and bandwidth overhead).
     */
    protected function addCookieToResponse(Response $response, Session $session)
    {
        $cookieSetTime = $session->get('session_cookie_set_time');

        if (
            // client holds a different (or no) session id, e.g. new or regenerated session
            $session->getId() !== $this->request->cookie($session->getName())
            // cookie has never been sent for this session
            || ! $cookieSetTime
            // resend interval has elapsed
            || $cookieSetTime + self::COOKIE_RESEND_INTERVAL < time()
        ) {
            $session->put('session_cookie_set_time', time());
            parent::addCookieToResponse($response, $session);
        }
    }
}
```
The `VerifyCsrfToken` class below replaces the one that ships in `app/Http/Middleware` of the default application skeleton, so no kernel change is needed for it.

```php
<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * After how many seconds the cookie should be resent to the client.
     */
    const COOKIE_RESEND_INTERVAL = 3600;

    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;

    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        //
    ];

    /**
     * Add the XSRF-TOKEN cookie to the response only when the client's copy
     * is missing or stale, or when the resend interval has elapsed.
     */
    protected function addCookieToResponse($request, $response)
    {
        $session = $request->session();
        $cookieSetTime = $session->get('csrf_cookie_set_time');

        if (
            // client's token differs from the session token (none sent, or token regenerated)
            $session->token() !== $request->cookie('XSRF-TOKEN')
            // cookie has never been sent for this session
            || ! $cookieSetTime
            // resend interval has elapsed
            || $cookieSetTime + self::COOKIE_RESEND_INTERVAL < time()
        ) {
            $session->put('csrf_cookie_set_time', time());

            return parent::addCookieToResponse($request, $response);
        }

        return $response;
    }
}
```
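As an added check that is not part of the gist, a Laravel feature test exercising the `VerifyCsrfToken` override above. It assumes a GET route at `/` inside the `web` middleware group and the `array` session driver of the default test environment, under which Laravel never emits the session cookie at all, so only XSRF-TOKEN is asserted.

```php
<?php

namespace Tests\Feature;

use Tests\TestCase;

class CookieResendTest extends TestCase
{
    /** Names of the Set-Cookie entries a response carries. */
    private function cookieNames($response): array
    {
        return array_map(fn ($cookie) => $cookie->getName(), $response->headers->getCookies());
    }

    public function test_xsrf_cookie_is_only_resent_when_needed(): void
    {
        // 1. A client without cookies must receive XSRF-TOKEN (assumed route: GET /).
        $first = $this->get('/');
        $first->assertOk();
        $this->assertContains('XSRF-TOKEN', $this->cookieNames($first));

        // 2. Replaying the current token within the interval: nothing changed, no Set-Cookie.
        $token = $this->app['session']->token();
        $second = $this->withCookie('XSRF-TOKEN', $token)->get('/');
        $this->assertNotContains('XSRF-TOKEN', $this->cookieNames($second));

        // 3. Server-side token regenerated (as on login/logout): the stale cookie must be replaced.
        $this->app['session']->regenerateToken();
        $third = $this->withCookie('XSRF-TOKEN', $token)->get('/');
        $this->assertContains('XSRF-TOKEN', $this->cookieNames($third));

        // 4. Token matches but COOKIE_RESEND_INTERVAL (3600 s) has elapsed: cookie is refreshed.
        $fresh = $this->app['session']->token();
        $this->app['session']->put('csrf_cookie_set_time', time() - 3601);
        $fourth = $this->withCookie('XSRF-TOKEN', $fresh)->get('/');
        $this->assertContains('XSRF-TOKEN', $this->cookieNames($fourth));
    }
}
```

Session attributes survive between requests of one test because the store instance is reused, which is what lets step 2 compare against the token issued in step 1.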
hdwong commented Mar 8, 2023

GREAT JOB!

I would like to ask is there any security risk in doing this?