Disable HTTP sessions in your Laravel API endpoints

Published 25 November 2019 09:29 (1-minute read)

The most important and used endpoints on most of the application I work on is the API. These are both public as internal API's. After we disabled the HTTP sessions for the API endpoints we saw a stability improvement.

If you don't need sessions, you can simple remove the following middlewares:

\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,

Sometimes you have multiple middleware groups (for example web & api). You should add above middlewares to the groups which use the session.

To see more information about how this works, take a look at: https://ma.ttias.be/disable-http-sessions-in-laravel-to-speed-up-your-api/

Robin Dirksen

Follow me on Twitter, there I post web-related content, tips/tricks, and other interesting things.

On my blog, you can find articles that I've found useful or wanted to share with anyone else.

If you want to know more about this article or just want to talk to me, don't hesitate to reach out.