PHP: 8.2
Laravel Framework: 11
We’re aiming to leverage CloudFront to cache our blog posts. Ideally, when a guest visits /posts/news-item-1, we want to include Cache-Control: max-age=3600, public headers to enable CloudFront caching for the content. However, for logged-in users, the content needs to remain private and uncacheable. Here’s the caveat: we still require session and cookie functionality for other pages and functionalities within the application.
To achieve this, we’re looking to implement middleware to conditionally disable the laravel_session and XSRF-TOKEN cookies specifically on guest pages. While we have a working solution, we believe there might be a more elegant and streamlined approach.
PageSpeed.php
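namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class PageSpeed
{
    public function handle(Request $request, Closure $next): Response
    {
        // Logic to disable cookies, Auth::check() etc...
        // Flag the request so the session and CSRF middleware skip their cookies.
        $request->merge(['cdn_cache' => true]);

        return $next($request);
    }
}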
VerifyCsrfToken.php
namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    // Skip the XSRF-TOKEN cookie when the request was flagged for CDN caching.
    public function shouldAddXsrfTokenCookie()
    {
        if ($this->app->request->get('cdn_cache')) {
            return false;
        }

        return $this->addHttpCookie;
    }
}
StartSession.php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Session\Middleware\StartSession as Middleware;

class StartSession extends Middleware
{
    protected function handleStatefulRequest(Request $request, $session, Closure $next)
    {
        $request->setLaravelSession(
            $this->startSession($request, $session)
        );

        $this->collectGarbage($session);

        $response = $next($request);

        $this->storeCurrentUrl($request, $session);

        // Only send the session cookie when the request was not flagged for CDN caching.
        if (!$request->get('cdn_cache')) {
            $this->addCookieToResponse($response, $session);
        }

        $this->saveSession($request);

        return $response;
    }
}
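An added example, not part of the original post: a single response-side middleware that strips every `Set-Cookie` header and marks the page public only for guests, deciding from the auth state rather than from a `cdn_cache` request value (which `$request->get()` would also read from a client-supplied query parameter). The class name `CacheGuestPages`, the `posts/*` pattern and its registration outside `StartSession` (for example prepended to the `web` group) are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical middleware. It must wrap StartSession and the CSRF middleware
// so that it sees the cookies they attach to the outgoing response.
class CacheGuestPages
{
    public function handle(Request $request, Closure $next): Response
    {
        $response = $next($request);

        // Leave every route other than the blog posts untouched.
        if (! $request->is('posts/*')) {
            return $response;
        }

        // Shared caching is allowed only for successful GET/HEAD requests
        // made by guests; the session has been loaded by this point.
        $cacheable = $request->isMethodCacheable()
            && $response->getStatusCode() === 200
            && Auth::guest();

        if (! $cacheable) {
            // Fail closed: anything else must never be stored by the CDN.
            $response->headers->set('Cache-Control', 'private, no-store');

            return $response;
        }

        // Remove all cookies, not only laravel_session and XSRF-TOKEN, so a
        // cached response can never replay one visitor's cookie to another.
        foreach ($response->headers->getCookies() as $cookie) {
            $response->headers->removeCookie(
                $cookie->getName(), $cookie->getPath(), $cookie->getDomain()
            );
        }

        $response->headers->set('Cache-Control', 'public, max-age=3600');

        return $response;
    }
}
```

A page cached this way must not render `csrf_token()` or any other per-session value into its HTML, since the CDN serves the same body to every guest.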