- Session
- Session Usage
- Storing An Item In The Session
- Push A Value Onto An Array Session Value
- Retrieving An Item From The Session
- Retrieving An Item Or Returning A Default Value
- Retrieving An Item And Forgetting It
- Retrieving All Data From The Session
- Determining If An Item Exists In The Session
- Removing An Item From The Session
- Removing All Items From The Session
- Regenerating The Session ID
- Flash Data
- Database Sessions
- Session Drivers
Session
Configuration
Since HTTP driven applications are stateless, sessions provide a way to store information about the user across requests. Laravel ships with a variety of session back-ends available for use through a clean, unified API. Support for popular back-ends such as Memcached, Redis, and databases is included out of the box.
The session configuration is stored in config/session.php
. Be sure to review the well documented options available to you in this file. By default, Laravel is configured to use the file
session driver, which will work well for the majority of applications.
Before using Redis sessions with Laravel, you will need to install the predis/predis
package (~1.0) via Composer.
Note: If you need all stored session data to be encrypted, set the
encrypt
configuration option totrue
.
Note: When using the
cookie
session driver, you should never remove theEncryptCookie
middleware from your HTTP kernel. If you remove this middleware, your application will be vulnerable to remote code injection.
Reserved Keys
The Laravel framework uses the flash
session key internally, so you should not add an item to the session by that name.
Session Usage
The session may be accessed in several ways, via the HTTP request's session
method, the Session
facade, or the session
helper function. When the session
helper is called without arguments, it will return the entire session object. For example:
session()->regenerate();
Storing An Item In The Session
Session::put('key', 'value');
session(['key' => 'value']);
Push A Value Onto An Array Session Value
Session::push('user.teams', 'developers');
Retrieving An Item From The Session
$value = Session::get('key');
$value = session('key');
Retrieving An Item Or Returning A Default Value
$value = Session::get('key', 'default');
$value = Session::get('key', function() { return 'default'; });
Retrieving An Item And Forgetting It
$value = Session::pull('key', 'default');
Retrieving All Data From The Session
$data = Session::all();
Determining If An Item Exists In The Session
if (Session::has('users'))
{
//
}
Removing An Item From The Session
Session::forget('key');
Removing All Items From The Session
Session::flush();
Regenerating The Session ID
Session::regenerate();
Flash Data
Sometimes you may wish to store items in the session only for the next request. You may do so using the Session::flash
method:
Session::flash('key', 'value');
Reflashing The Current Flash Data For Another Request
Session::reflash();
Reflashing Only A Subset Of Flash Data
Session::keep(['username', 'email']);
Database Sessions
When using the database
session driver, you will need to setup a table to contain the session items. Below is an example Schema
declaration for the table:
Schema::create('sessions', function($table)
{
$table->string('id')->unique();
$table->text('payload');
$table->integer('last_activity');
});
Of course, you may use the session:table
Artisan command to generate this migration for you!
php artisan session:table
composer dump-autoload
php artisan migrate
Session Drivers
The session "driver" defines where session data will be stored for each request. Laravel ships with several great drivers out of the box:
file
- sessions will be stored instorage/framework/sessions
.cookie
- sessions will be stored in secure, encrypted cookies.database
- sessions will be stored in a database used by your application.memcached
/redis
- sessions will be stored in one of these fast, cached based stores.array
- sessions will be stored in a simple PHP array and will not be persisted across requests.
Note: The array driver is typically used for running unit tests, so no session data will be persisted.