Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Use file session driver again #5201
@taylorotwell Please be aware that the default cookie session storage is also a security problem because users can change the session data on their local machine. This can lead to privilege escalation and remote data injection. There are good reasons why session data isn't stored at the client machine by default and that Laravel shouldn't do this by default too regardless of personal preference!
@taylorotwell OK, then security may not be a big problem. Nevertheless, the maximum limit of all cookies for a domain (not for each cookie) is still 4096 bytes and that can be reached easily. Laravel was always known for defaults that work for 95% of all applications out of the box. Now it may be working for 70-80% only and it's frustrating for users if something doesn't work without a hint why this is the case.