Invalidating Laravel log-in sessions on password change

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Laravel, PHP, Technology

Setting a secure remember me cookie in Laravel

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.

Invalidating Laravel log-in sessions on password change

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Setting a secure remember me cookie in Laravel

Laravel, PHP, Technology

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.

Invalidating Laravel log-in sessions on password change

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Setting a secure remember me cookie in Laravel

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.

Laravel, PHP, Technology

Invalidating Laravel log-in sessions on password change

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Setting a secure remember me cookie in Laravel

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.

Invalidating Laravel log-in sessions on password change

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Setting a secure remember me cookie in Laravel

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.

Invalidating Laravel log-in sessions on password change

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Setting a secure remember me cookie in Laravel

Laravel, PHP, Technology

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.

Invalidating Laravel log-in sessions on password change

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Setting a secure remember me cookie in Laravel

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.

Debugging Nginx Errors

Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly. Sadly, the default value for…
LaravelPHPSecurityTechnology

Invalidating Laravel log-in sessions on password change

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

LaravelPHPTechnology

Setting a secure remember me cookie in Laravel

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.

NginxPHP

Debugging Nginx Errors

Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly. Sadly, the default value for…

Invalidating Laravel log-in sessions on password change

2 Comments

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Setting a secure remember me cookie in Laravel

No Comments

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change

Setting a secure remember me cookie in Laravel

Debugging Nginx Errors

Invalidating Laravel log-in sessions on password change
Setting a secure remember me cookie in Laravel
Debugging Nginx Errors
My New Nginx Book: Instant Nginx Starter
fastcgi_params Versus fastcgi.conf – Nginx Config History
WebSockets in Nginx
Understanding the Nginx Configuration Inheritance Model
Hong Kong Tur
Securing Nginx + PHP When Using Path Info
The Fun that is UTF-8 Support in PHP

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Unfortunately Laravel does not provide this functionality out of the box. We actually have to go through quite a bit of trouble to make Laravel play ball here but it’s definitely worth it, so lets get to it!

Continue Reading

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This despite the fact that there is a configuration option for secure session cookies

Fortunately modifying Laravel to set a secure log-in cookie is not difficult at all.

Continue Reading

Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly.

Sadly, the default value for error log is less than optimal, and some of the tricks to getting information from nginx are not obvious.

This post is intended to be a reference for the tools nginx provide and how to configure them; as well as a general guide on what’s important when facing issues in nginx.

Continue Reading
format_quote

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Unfortunately Laravel does not provide this functionality out of the box. We actually have to go through quite a bit of trouble to make Laravel play ball here but it’s definitely worth it, so lets get to it!

Continue Reading
format_quote

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This despite the fact that there is a configuration option for secure session cookies

Fortunately modifying Laravel to set a secure log-in cookie is not difficult at all.

Continue Reading
format_quote

Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly.

Sadly, the default value for error log is less than optimal, and some of the tricks to getting information from nginx are not obvious.

This post is intended to be a reference for the tools nginx provide and how to configure them; as well as a general guide on what’s important when facing issues in nginx.

Continue Reading
format_quote

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Unfortunately Laravel does not provide this functionality out of the box. We actually have to go through quite a bit of trouble to make Laravel play ball here but it’s definitely worth it, so lets get to it!

Continue Reading
format_quote

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This despite the fact that there is a configuration option for secure session cookies

Fortunately modifying Laravel to set a secure log-in cookie is not difficult at all.

Continue Reading
format_quote

Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly.

Sadly, the default value for error log is less than optimal, and some of the tricks to getting information from nginx are not obvious.

This post is intended to be a reference for the tools nginx provide and how to configure them; as well as a general guide on what’s important when facing issues in nginx.

Continue Reading

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Unfortunately Laravel does not provide this functionality out of the box. We actually have to go through quite a bit of trouble to make Laravel play ball here but it’s definitely worth it, so lets get to it!

Continue Reading

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This despite the fact that there is a configuration option for secure session cookies

Fortunately modifying Laravel to set a secure log-in cookie is not difficult at all.

Continue Reading

Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly.

Sadly, the default value for error log is less than optimal, and some of the tricks to getting information from nginx are not obvious.

This post is intended to be a reference for the tools nginx provide and how to configure them; as well as a general guide on what’s important when facing issues in nginx.

Continue Reading

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Unfortunately Laravel does not provide this functionality out of the box. We actually have to go through quite a bit of trouble to make Laravel play ball here but it’s definitely worth it, so lets get to it!

Continue Reading

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This despite the fact that there is a configuration option for secure session cookies

Fortunately modifying Laravel to set a secure log-in cookie is not difficult at all.

Continue Reading

Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly.

Sadly, the default value for error log is less than optimal, and some of the tricks to getting information from nginx are not obvious.

This post is intended to be a reference for the tools nginx provide and how to configure them; as well as a general guide on what’s important when facing issues in nginx.

Continue Reading

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Unfortunately Laravel does not provide this functionality out of the box. We actually have to go through quite a bit of trouble to make Laravel play ball here but it’s definitely worth it, so lets get to it!

Continue Reading

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This despite the fact that there is a configuration option for secure session cookies

Fortunately modifying Laravel to set a secure log-in cookie is not difficult at all.

Continue Reading

Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly.

Sadly, the default value for error log is less than optimal, and some of the tricks to getting information from nginx are not obvious.

This post is intended to be a reference for the tools nginx provide and how to configure them; as well as a general guide on what’s important when facing issues in nginx.

Continue Reading