For security reasons it’s fairly good practice to invalidate all log-in sessions when a user’s password is changed. This is especially useful when a user’s account has been compromised and they go to change or reset their password. Without log-in session invalidation, the attacker will still be logged in and able to cause chaos.
Posts by Martin Fjordvald
Setting a secure remember me cookie in Laravel
As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird, as there is a configuration option for secure session cookies. Fortunately, modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.
Debugging Nginx Errors
Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly. Sadly, the default value for error log is less than optimal, and some of the…
My New Nginx Book: Instant Nginx Starter
During the last few months, I have been working on an nginx book for Packt Publishing. The book is called Instant Nginx Starter and is now published! My goal with…
fastcgi_params Versus fastcgi.conf – Nginx Config History
The nginx source install (and by extension package managers) includes two FastCGI configuration files, fastcgi_params and fastcgi.conf, that differ only a tiny bit. To this day, they still cause confusion…
WebSockets in Nginx
Version 1.3.13 of nginx is due any day now, and with it comes support for the Connection: upgrade and Upgrade headers, meaning proxying of WebSockets! Read on to find out how to configure nginx to support WebSockets.