Join the light side, we have no cookies.
If you haven't been in hibernation the last couples of weeks you might have heard of something called
In response to these abusive practices, some developers have decided to follow a better path, removing every cookie that is not needed. For example, my website doesn't have a single cookie, Spatie new website won't have any either.
I encourage every developer to do the same and if you are using Laravel, here's how you can (very) easily get rid of the default cookies set by the framework.
I'm currently looking into removing the need for a cookie to prevent CSRF attacks, but haven't found anything conclusive for the moment. If you have some inside for this, let me know!
If you don't need to prevent CSRF attack (ie. you don't have forms on your website), you can (and should) get rid of this cookie. Luckily Laravel allows you to remove it without having to spend tons of hours deep in the code.
The CSRF token is added by a middleware if we remove it, we remove the cookie. Open
app/Http/Kernel.php and look for
The middleware you want to remove (or comment) is
\App\Http\Middleware\VerifyCsrfToken::class in the
web group. When it's done, reload your browser, open the console and... it's gone.
Such wow 😱
If you don't plan to store data in session or if you plan on having a stateless application (eg. using JWT) this cookie is useless for you.
Similar to the CSRF token, to remove the session cookie, all you need to do is removing some middleware from the
Here are the two middlewares that are responsible for the session.
Reload, and enjoy.
And for my last trick...
You might have spotted it, but in the
middlewareGroups, there are two more middlewares we can get rid of the remove all cookies completely.
Now you have successfully removed all cookies from your Laravel application. You can now enjoy the carefree, cookie-free, experience on your site.
I'm sure there are other ways to achieve the same result, better or worst. This is how I did it for my website and it worked, that is the most important thing in our industry. People will always have better solutions, no matter how perfect your code is.
If you would have done it differently or if you did it in another way, let me know! Always grateful to learn new stuff.
Spotted a mistake? Noticed something to improve? Feel free to edit this post on GitHub.