Comments (2)
I just randomly fell upon this...
The point is that if the browser is closed (no pages to the site still open), the user can come back within the 2 hour (default) lifetime to keep using their session. This lib allows that behavior to still work, where if a browser is closed for longer than the lifetime, then the session actually expires. This lib just prevents expiry if a page is still open, so that when the user tries to submit the form, they won't get a CSRF token exception. It tries to guarantee that the form can be worked on for more than the lifetime safely.
from laravel-caffeine.
Hi @garygreen - @francislavoie is right. This package is not intended for secure sites.
- It will only prolong the session on pages that have forms in them.
- It is meant for sites where it is intended for forms not to time out.
- Session WILL expire if the user's computer goes to sleep (the drips cease being sent).
- It is meant to remain secure, as long as the user's computer remains secure (i.e. not in a shared environment or workplace) by not exposing the CSRF token through an API endpoint.
- It differs from setting the session lifetime to a very high value for the above reasons. This is an intentional design, providing a balance between unnecessarily high session lifetimes and insecure forms.
from laravel-caffeine.
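The behaviour described in the two comments above, as a small timeline model. This is an added example, not code from laravel-caffeine: the function names and the 5-minute drip interval are assumptions, and the 120-minute lifetime is the default mentioned in the first comment.

```javascript
// Added model of sliding session expiry with keep-alive "drips". Times are in minutes.
const LIFETIME = 120;     // default session lifetime quoted in the thread
const DRIP_INTERVAL = 5;  // assumed keep-alive interval (hypothetical value)

// Minutes at which the server receives a drip while a form page is open.
// pageOpen: [start, end); asleep: list of [start, end) where the machine is suspended.
function dripTimes(pageOpen, asleep = []) {
  const times = [];
  for (let t = pageOpen[0] + DRIP_INTERVAL; t < pageOpen[1]; t += DRIP_INTERVAL) {
    if (!asleep.some(([s, e]) => t >= s && t < e)) times.push(t);
  }
  return times;
}

// Session is created at t = 0. Every request that arrives before expiry moves
// expiry to t + LIFETIME. A request arriving after expiry finds no session, so
// the token embedded in the already-rendered form no longer matches.
function sessionAliveAt(submitAt, requests) {
  let expiresAt = LIFETIME;
  for (const t of [...requests].sort((a, b) => a - b)) {
    if (t > submitAt) break;
    if (t >= expiresAt) return false;
    expiresAt = t + LIFETIME;
  }
  return submitAt < expiresAt;
}

// Constructed scenarios covering the cases discussed in the comments.
function scenarios() {
  return {
    // Browser closed after 10 minutes, user returns inside the lifetime.
    closedShort: sessionAliveAt(100, dripTimes([0, 10])),
    // Browser closed after 10 minutes, user returns after the lifetime.
    closedLong: sessionAliveAt(200, dripTimes([0, 10])),
    // Form page left open for 5 hours, drips arrive throughout.
    openFiveHours: sessionAliveAt(300, dripTimes([0, 300])),
    // Same page, but the machine sleeps from minute 30 to minute 200.
    openButAsleep: sessionAliveAt(300, dripTimes([0, 300], [[30, 200]])),
    // Same page with no drips at all (package not installed).
    openNoDrips: sessionAliveAt(300, []),
  };
}

console.log(scenarios());
```

Only the open-page case outlives the configured lifetime; a closed browser or a sleeping machine still falls back to the normal expiry, which is the difference from simply raising the session lifetime.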