hoangnguyen0403/laravel-sessions-middleware
skills/laravel/laravel-sessions-middleware/SKILL.md
Configure Redis session drivers, register security-header middleware, and prevent session fixation in Laravel. Use when switching session drivers, adding HSTS/CSP headers via middleware, or regenerating sessions after login.
$ install --global
skillsauthnpx skillsauth add hoangnguyen0403/agent-skills-standard laravel-sessions-middlewareInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 19, 2026, 3:34 AM172.9s3 files scanned
SKILL.md
- name:
- laravel-sessions-middleware
- description:
- Configure Redis session drivers, register security-header middleware, and prevent session fixation in Laravel. Use when switching session drivers, adding HSTS/CSP headers via middleware, or regenerating sessions after login.
Laravel Sessions & Middleware
Priority: P1 (HIGH)
Workflow: Secure Sessions & Add Middleware
- Set Redis driver —
SESSION_DRIVER=redisin.env; installpredis/predis. - Regenerate on login — Call
$request->session()->regenerate()after authentication. - Create security middleware — Add HSTS, CSP, X-Frame-Options headers.
- Register globally — Use
withMiddleware(fn($m) => $m->append(...))inbootstrap/app.php.
Security Headers Middleware Example
See implementation examples for security headers middleware and directory structure.
Implementation Guidelines
Session Architecture
- Drivers: Set
SESSION_DRIVER=redisin.envfor production/scaled environments. - Dependencies: Install
predis/predisand avoid file driver due to I/O lock issues at scale. - Security: Call
$request->session()->regenerate()after successful authentication to prevent session fixation. Call$request->session()->invalidate()on logout. - Access: Never access
env('SESSION_DRIVER')directly in code; always useconfig('session.driver'). Clear caches viaphp artisan config:clear.
Middleware Pipeline
- Custom Middleware: Use
php artisan make:middleware EnsureTokenIsValid. Implementhandle(Request $request, Closure $next): Response. - Registration: Register new middleware in
bootstrap/app.phpusingwithMiddleware(). - Security Headers: Standardize HSTS, CSP, X-Frame-Options, and X-Content-Type-Options in dedicated security middleware. Register as global middleware.
- Priority: Use
withMiddleware(fn($m) => $m->append(MyMiddleware::class))orprepend()for highest priority. - Performance: Avoid heavy computation in global middleware; delegate these to domain services.
Anti-Patterns
- No file session driver in production: Use Redis or Memcached instead.
- No
env()for session config: Useconfig('session.*')instead. - No heavy logic in Middleware: Delegate complex logic to Services.
- No sensitive data in cookies: Store securely in server sessions only.
References
- Advanced Middleware Patterns
Related Skills
hoangnguyen0403/common-software-requirements
development
VerifiedTrustedCommunity
Standardize SRS and FRS specifications for technical behavior, interfaces, data contracts, quality constraints, and verification mapping. Use when writing SRS, functional specification, system behavior requirements, API/data contracts, or non-functional thresholds.
503SKILL.mdUpdated May 23, 2026
hoangnguyen0403/common-business-requirements
development
VerifiedTrustedCommunity
Standardize BRD and BRD-lite discovery for business goals, stakeholder impact, current-to-future state, and measurable value outcomes. Use when creating BRD, business case, project justification, ROI narrative, or AS-IS to TO-BE scope.
503SKILL.mdUpdated May 23, 2026
hoangnguyen0403/common-tdd
development
VerifiedTrustedCommunity
Implements a strict Red-Green-Refactor loop to ensure zero production code is written without a prior failing test. Use when: creating new features, fixing bugs, or expanding test coverage.
503SKILL.mdUpdated May 10, 2026
hoangnguyen0403/common-product-requirements
testing
VerifiedTrustedCommunity
Standardize PRD discovery and drafting for product scope, user outcomes, requirement IDs, and acceptance criteria. Use when creating PRD, product requirements, feature specification, or acceptance criteria plan.
503SKILL.mdUpdated May 10, 2026