Laravel strip all cookies and session data from JSON output

Hi,

If you are building a small API library in Laravel, you may find the JSON output a little bit large, especially with a small response. This is caused by the cookies and headers sent together with the response.
For a small 400 B JSON response, Laravel adds an additional 500 B (more than 100%) of cookie information.

To strip all this from the response headers, open /app/Http/Kernel.php and update the $middlewareGroups section:
1/ add \App\Http\Middleware\ApiSession::class,
2/ comment out \App\Http\Middleware\VerifyCsrfToken::class, (this turns off CSRF verification for every route in that group)

The final section may look like this:

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \App\Http\Middleware\ApiSession::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        // \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

Now create a file called ApiSession.php at /app/Http/Middleware/ApiSession.php with the following content:

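<?php
namespace App\Http\Middleware;
use Closure;

class ApiSession {
    // Must run before StartSession so the overridden driver is the one used.
    public function handle($request, Closure $next){
        // In-memory session for this request only: nothing is persisted
        // and no session cookie is added to the response.
        \Config::set('session.driver', 'array');
        \Config::set('cookie.driver', 'array');
        return $next($request);
    }
}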

That’s it!
In ApiSession.php you can check the current request and disable cookies only for a specific folder or URL. You can do the same in the VerifyCsrfToken class.

But if your project is strictly an API, these are the changes you have to make.
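
The per-URL variant mentioned above could look like the following. This is an added example, not code from the original post: the 'api/*' prefix and the API_PATTERN constant are assumptions, and VerifyCsrfToken stays enabled in the web group so that all non-API routes keep CSRF verification.

```php
<?php
// Added example: two files shown together; each class lives in its own file
// under app/Http/Middleware/. The 'api/*' prefix is an assumed route layout.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

// app/Http/Middleware/ApiSession.php
class ApiSession
{
    // Hypothetical constant: path pattern of the stateless API routes.
    const API_PATTERN = 'api/*';

    public function handle($request, Closure $next)
    {
        // Switch to the in-memory session driver only for API paths, so
        // browser routes keep their persistent session and its cookie.
        if ($request->is(self::API_PATTERN)) {
            config(['session.driver' => 'array']);
        }

        return $next($request);
    }
}

// app/Http/Middleware/VerifyCsrfToken.php (stays enabled in the 'web' group)
class VerifyCsrfToken extends BaseVerifier
{
    public function handle($request, Closure $next)
    {
        // API paths bypass the verifier entirely, so no token check runs
        // and no XSRF-TOKEN cookie is attached to the response.
        if ($request->is(ApiSession::API_PATTERN)) {
            return $next($request);
        }

        // Every other route in the group keeps normal CSRF verification.
        return parent::handle($request, $next);
    }
}
```

Routes matched by the pattern must not rely on cookie-based authentication, since they no longer get CSRF protection.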
