laravel-sessions-middleware
Expert standards for session drivers, security headers, and middleware logic. Use when configuring session drivers, security headers, or custom middleware in Laravel. (triggers: app/Http/Middleware/**/*.php, config/session.php, session, driver, handle, headers, csrf)
Best use case
laravel-sessions-middleware is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using laravel-sessions-middleware should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/laravel-sessions-middleware/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How laravel-sessions-middleware Compares
| Feature / Agent | laravel-sessions-middleware | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Expert standards for session drivers, security headers, and middleware logic. Use when configuring session drivers, security headers, or custom middleware in Laravel. (triggers: app/Http/Middleware/**/*.php, config/session.php, session, driver, handle, headers, csrf)
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Laravel Sessions & Middleware
## **Priority: P1 (HIGH)**
## Structure
```text
app/Http/
├── Middleware/ # Custom logic layers
└── Kernel.php # Global/Group registration
```
## Implementation Guidelines
### Session Architecture
- **Drivers**: Set **`SESSION_DRIVER=redis`** in `.env` for production/scaled environments.
- **Dependencies**: Install **`predis/predis`** and **avoid the file driver** due to I/O lock issues at scale.
- **Security**: Call **`$request->session()->regenerate()`** after successful authentication to prevent **session fixation**. Call **`$request->session()->invalidate()`** on logout.
- **Access**: **Never access `env('SESSION_DRIVER')`** directly in code; always use **`config('session.driver')`**. Clear caches via **`php artisan config:clear`**.
### Middleware Pipeline
- **Custom Middleware**: Use **`php artisan make:middleware EnsureTokenIsValid`**. Implement **`handle(Request $request, Closure $next): Response`**.
- **Registration**: Register new middleware in **`bootstrap/app.php`** using **`withMiddleware()`**.
- **Security Headers**: Standardize **HSTS, CSP, X-Frame-Options, and X-Content-Type-Options** in dedicated security middleware. Register as **global** middleware.
- **Priority**: Use **`withMiddleware(fn($m) => $m->append(MyMiddleware::class))`** or **`prepend()`** for highest priority.
- **Performance**: **Avoid heavy computation** in global middleware; delegate these to domain services.
## Anti-Patterns
- **No file session driver in production**: Use Redis or Memcached instead.
- **No `env()` for session config**: Use `config('session.*')` instead.
- **No heavy logic in Middleware**: Delegate complex logic to Services.
- **No sensitive data in cookies**: Store securely in server sessions only.
## References
- [Advanced Middleware Patterns](references/implementation.md)

Related Skills
rate-limit-middleware
Rate Limit Middleware - Auto-activating skill for Backend Development. Triggers on: rate limit middleware, rate limit middleware. Part of the Backend Development skill category.
gin-middleware-creator
Gin Middleware Creator - Auto-activating skill for Backend Development. Triggers on: gin middleware creator, gin middleware creator. Part of the Backend Development skill category.
error-handler-middleware
Error Handler Middleware - Auto-activating skill for Backend Development. Triggers on: error handler middleware, error handler middleware. Part of the Backend Development skill category.
laravel-security-audit
Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.
laravel-expert
Senior Laravel Engineer role for production-grade, maintainable, and idiomatic Laravel solutions. Focuses on clean architecture, security, performance, and modern standards (Laravel 10/11+).
laravel-specialist
Use when building Laravel 10+ applications requiring Eloquent ORM, API resources, or queue systems. Invoke for Laravel models, Livewire components, Sanctum authentication, Horizon queues.
laravel-verification
Verification loop for Laravel projects: env checks, linting, static analysis, tests with coverage, security scans, and deployment readiness.
laravel-tdd
Test-driven development for Laravel using PHPUnit and Pest, factories, database testing, mocking, and coverage targets.
laravel-patterns
Laravel architecture patterns, routing/controllers, Eloquent ORM, service layers, queues, events, caching, and API resources for production applications.
Laravel — The PHP Framework for Web Artisans
You are an expert in Laravel, the most popular PHP framework for building web applications and APIs. You help developers build production systems with Eloquent ORM, Blade templating, Artisan CLI, queues, events, middleware, authentication (Sanctum/Breeze), Livewire for reactive UI, and a rich ecosystem of first-party packages — enabling rapid development without sacrificing code quality.
laravel-tooling
Ecosystem management, Artisan, and asset bundling. Use when managing Composer dependencies, Artisan commands, or Vite asset bundling in Laravel. (triggers: package.json, composer.json, vite.config.js, artisan, vite, horizon, pint, blade)
laravel-testing
Automated testing standards with Pest and PHPUnit. Use when writing Pest or PHPUnit feature/unit tests in Laravel applications. (triggers: tests/**/*.php, phpunit.xml, feature, unit, mock, factory, sqlite)