Martin Fjordvald

Invalidating Laravel log-in sessions on password change

May 5, 2015

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Unfortunately Laravel does not provide this functionality out of the box. We actually have to go through quite a bit of trouble to make Laravel play ball here but it’s definitely worth it, so lets get to it!

Setting a secure remember me cookie in Laravel

Laravel, PHP, Technology

May 5, 2015

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This despite the fact that there is a configuration option for secure session cookies

Fortunately modifying Laravel to set a secure log-in cookie is not difficult at all.

Debugging Nginx Errors

Nginx, PHP

June 3, 2013

Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly.

Sadly, the default value for error log is less than optimal, and some of the tricks to getting information from nginx are not obvious.

This post is intended to be a reference for the tools nginx provide and how to configure them; as well as a general guide on what’s important when facing issues in nginx.

My New Nginx Book: Instant Nginx Starter

Nginx

May 17, 2013

During the last few months, I have been working on an nginx book for Packt Publishing. The book is called Instant Nginx Starter and is now published!

My goal with this book was to provide a concise introduction to the nginx configuration in a way that allowed people to build on top of the knowledge I provided. This meshed well with the Instant line of books from Packt as they are intended to be short and get the reader started quickly.

fastcgi_params Versus fastcgi.conf – Nginx Config History

Nginx

April 24, 2013

The nginx source install (and by extension package managers) includes two FastCGI configuration files, fastcgi_params and fastcgi.conf that differ only a tiny bit.

To this day, they still cause confusion amongst new users due to package managers.

So why does NGINX include both files?

WebSockets in Nginx

Nginx

February 18, 2013

Version 1.3.13 of nginx is out and with it comes support for Connection: upgrade and Upgrade header, meaning proxying of WebSockets!

Many people have been waiting for this and “are websockets in nginx supported?” is one of the most frequent questions in #nginx on freenode.

With that out of the way, time to have a look at the nginx WebSocket implementation.

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

My New Nginx Book: Instant Nginx Starter

fastcgi_params Versus fastcgi.conf – Nginx Config History

WebSockets in Nginx

My NGINX Book

Recent Posts

Search Something