Cookie-less REST API with Laravel

We learned to rely on browser cookies for many years. Some of us don’t even realize and understand the “magical” relationship between a browser and PHP script on server-side. Only when we get out of the “box” and look at what is going on, then we start to grasp the oddities.

When we work on a mobile application or a desktop application, which does not use any embedded browser or such components, we have to do think differently and come up with another way to associate separate requests with same PHP “session” (if you want to call them).

With Laravel 3, it was a bit of a headache to alter the way the sessions were started and loaded. We had to bodge it so that if the request contains a special HTTP header, which carries an authentication token, then we use that token/ID to load the session: pretty neat.

Header entry:

PHP code in application/start.php

PHP code on laravel/session.php

However, it is annoying that many developers/companies still don’t take it seriously when it comes to cookie-less communication and user privacy. I think, they do want to track every move of their visitors/users!

Leave a Comment