Laravel Version using - 5.4
In laravel when unauthorized user trying to login, a separate session is been created, I want to stop this session value creation and updation for unauthorized users
Ex - When a user trying to access https://www.example.com/login by providing wrong credentials in that case session value is been created/updated.
Session value will create/update for every request - In laravel all request pass through kernal.php Where StartSession is one middleware that is included globally.
app/Http/Kernal.php
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
\Illuminate\Session\Middleware\StartSession::class,
];
\Illuminate\Session\Middleware\StartSession::class - having one method.
/**
* Start the session for the given request.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\Session\Session
*/
protected function startSession(Request $request)
{
return tap($this->getSession($request), function ($session) use ($request) {
$session->setRequestOnHandler($request);
$session->start();
});
}
which will create a session for every request. I would like to restrict the creation of a session in case of the unauthorized user who is trying "/login" URL & in case of forgot password or with invalid credentials.
Here, session driver, we are using as Redis server
SESSION_DRIVER=redis
As the session is been created for every request - Redis server memory utilization is getting consumed completely because of that I would like to restrict session creation / updation in case of forgot password or with invalid credentials.
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire