> laravel-sessions-middleware

Expert standards for session drivers, security headers, and middleware logic. Use when configuring session drivers, security headers, or custom middleware in Laravel. (triggers: app/Http/Middleware/**/*.php, config/session.php, session, driver, handle, headers, csrf)


Laravel Sessions & Middleware

Priority: P1 (HIGH)

Structure

app/Http/
├── Middleware/         # Custom logic layers
└── Kernel.php          # Global/Group registration

Implementation Guidelines

  • Session Driver: Use redis or memcached for production/high-density environments.
  • Middleware Chain: Keep logic granular; one middleware per responsibility.
  • Global Middleware: Apply via bootstrap/app.php only for true globals (logging, headers).
  • Security Headers: Standardize headers (HSTS, CSP, X-Frame-Options) via dedicated middleware.
  • CSRF Protection: Ensure VerifyCsrfToken is active for all web routes.
  • Session Lifecycle: Use $request->session()->regenerate() after login/privilege changes.
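
The Security Headers and Global Middleware guidelines above, as an added example (not code from the skill or its repository). The class name SecurityHeaders, the config file config/security.php and its keys are hypothetical, and the default header values are illustrative.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Added example: one middleware, one responsibility (response security headers).
// Registered once as a global in bootstrap/app.php (Laravel 11+):
//   ->withMiddleware(fn (Middleware $middleware) => $middleware->append(SecurityHeaders::class))
class SecurityHeaders
{
    public function handle(Request $request, Closure $next): Response
    {
        $response = $next($request);

        // Read values through config(), never env(): env() returns null once
        // the configuration is cached. config/security.php is a hypothetical file.
        $headers = [
            'X-Frame-Options' => config('security.frame_options', 'DENY'),
            'Content-Security-Policy' => config('security.csp', "default-src 'self'"),
        ];

        // HSTS only applies to HTTPS responses; browsers ignore it over plain HTTP.
        if ($request->isSecure()) {
            $headers['Strict-Transport-Security'] =
                config('security.hsts', 'max-age=31536000; includeSubDomains');
        }

        foreach ($headers as $name => $value) {
            // Design choice of this example: keep a stricter per-route policy
            // that a controller or inner middleware has already set.
            if (! $response->headers->has($name)) {
                $response->headers->set($name, $value);
            }
        }

        return $response;
    }
}
```

Because the headers are set after $next($request), they also cover redirects and error responses produced further down the chain.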

Anti-Patterns

  • File Streams: No file session driver. Avoid it in scaled apps due to I/O locks.
  • Env Direct: No env('SESSION_...'). Always use config('session...').
  • Heavy Bloat: No heavy logic in Middleware. Offload to Services if >10 lines.
  • Trusting Client: No sensitive data in Cookies. Store it in server sessions only.

References

Repository: HoangNguyen0403/agent-skills-standard, by HoangNguyen0403
GitHub stars: 341
Installs per week: 0
First seen: Mar 17, 2026