Blog Posts

Invalidating Laravel log-in sessions on password change

For security reasons it’s fairly good practice to invalidate all log-in sessions when a users password is changed. This is especially useful when a users account has been compromised and they go to change or reset their password. Without log-in session invalidation the attacker will still be logged in and able to cause chaos.

Setting a secure remember me cookie in Laravel

As of Laravel 5.0 it’s still not possible to set the remember me cookie with a secure flag. This is slightly weird as there is a configuration option for secure session cookies. Fortunately modifying Laravel to set a secure log-in cookie is not too difficult – all we need to do is provide a custom Guard class for the Auth driver which overrides the setRecaller() method.

Laravel, PHP, Technology

Debugging Nginx Errors

Dealing with errors in nginx can be a frustrating experience if nginx isn’t configured correctly. Sadly, the default value for error log is less than optimal, and some of the tricks to getting information from nginx are not obvious. This post is intended to be a reference for the tools…
Nginx, PHP

My New Nginx Book: Instant Nginx Starter

During the last few months, I have been working on an nginx book for Packt Publishing. The book is called Instant Nginx Starter and is now published! My goal with this book was to provide a concise introduction to the nginx configuration in a way that allowed people to build…

fastcgi_params Versus fastcgi.conf – Nginx Config History

The nginx source install (and by extension package managers) includes two FastCGI configuration files, fastcgi_params and fastcgi.conf that differ only a tiny bit. To this day, they still cause confusion amongst new users due to package managers. So why does NGINX include both files? Continue Reading

WebSockets in Nginx

Version 1.3.13 of nginx is due any day now and with it comes support for Connection: upgrade and Upgrade header, meaning proxying of WebSockets! Read on to find out how to configure nginx to support WebSockets.