I just went through the upgrade process from Laravel 6 -> 7, and although it mostly went smoothly, we hit a fairly gnarly issue that we ended up eventually debugging to be caused by EncryptCookies running too late in the middleware stack. The symptom was essentially that cookies were not being encrypted if an exception was thrown, and the browser would eventually get logged out due to this from silently failing to decrypt the session on future requests. However, the cause ended up being due to a change in Laravel 7 that added throttle middleware to the middlewarePriority, and we previously had it in our middleware group before the encrypt cookies. This caused all other priority middleware (StartSession and Auth) to be sorted before EncryptCookies upon upgrading to Laravel 7.
Two questions:
Should mention of adding the throttle to the default ordering be added in the upgrade steps to prevent others from hitting this sort of issue? If so I can open an issue on laravel/docs.
Should EncryptCookies be added to the middlewarePriority to come before StartSession? Or is there a reason to ever have EncryptCookies run later in the stack?
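A simplified model of the reordering described in the post, as an added example that is not part of the original post and not Laravel's source. The short middleware names, the constructed group and the abbreviated priority lists are assumptions limited to the entries the post mentions.

```php
<?php
// Added example: simplified model of priority-based middleware sorting.
// Not Laravel's source; names are short stand-ins and the priority lists
// are abbreviated to the entries the post mentions (assumptions).

/** Reorder $stack so entries named in $priority appear in priority order. */
function sortByPriority(array $priority, array $stack): array
{
    $rank = array_flip($priority);
    $lastIndex = 0;
    $lastRank = null;

    foreach ($stack as $index => $name) {
        if (!isset($rank[$name])) {
            continue; // not in the priority list: keeps its relative position
        }
        if ($lastRank !== null && $rank[$name] < $lastRank) {
            // Higher priority than a prioritized entry seen earlier:
            // move it in front of that entry and start over.
            array_splice($stack, $index, 1);
            array_splice($stack, $lastIndex, 0, [$name]);
            return sortByPriority($priority, $stack);
        }
        $lastIndex = $index;
        $lastRank = $rank[$name];
    }
    return $stack;
}

/** True when EncryptCookies sits earlier in the stack than StartSession. */
function encryptsBeforeSession(array $stack): bool
{
    return array_search('EncryptCookies', $stack) < array_search('StartSession', $stack);
}

// Constructed group with throttle listed ahead of EncryptCookies, as in the post.
$group = ['ThrottleRequests', 'EncryptCookies', 'StartSession', 'Authenticate', 'VerifyCsrfToken'];

// Throttle not prioritized: nothing moves, EncryptCookies stays ahead of the session.
$before = sortByPriority(['StartSession', 'Authenticate'], $group);
// Throttle prioritized after session and auth: both jump ahead of it, and of EncryptCookies.
$after = sortByPriority(['StartSession', 'Authenticate', 'ThrottleRequests'], $group);
// The ordering the post asks about: EncryptCookies first in the priority list.
$fixed = sortByPriority(['EncryptCookies', 'StartSession', 'Authenticate', 'ThrottleRequests'], $group);

foreach (compact('before', 'after', 'fixed') as $label => $stack) {
    printf("%-6s %-3s %s\n", $label, encryptsBeforeSession($stack) ? 'ok' : 'BAD', implode(' > ', $stack));
}
```

The same `encryptsBeforeSession` check can be pointed at an application's resolved middleware list in a test so that a framework upgrade that changes the priority list fails the build instead of silently reordering the stack.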