For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.
Posts by Martin Fjordvald
As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.
Version 1.3.13 of nginx is due any day now and with it comes support for Connection: upgrade and Upgrade header, meaning proxying of WebSockets! Read on to find out how to configure nginx to support WebSockets.