Invalidating Laravel log-in sessions on password change
For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.
Setting a secure remember me cookie in Laravel
As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.
Debugging Nginx Errors
My New Nginx Book: Instant Nginx Starter
fastcgi_params Versus fastcgi.conf – Nginx Config History
WebSockets in Nginx
Version 1.3.13 of nginx is due any day now and with it comes support for Connection: upgrade and Upgrade header, meaning proxying of WebSockets! Read on to find out how to configure nginx to support WebSockets.