genealabs / laravel-caffeine
Keeping Your Laravel Forms Awake
Maintainers
Fund package maintenance!
Requires
- illuminate/routing: ^11.0|^12.0|^13.0
- illuminate/support: ^11.0|^12.0|^13.0
Requires (Dev)
- orchestra/testbench: ^9.0|^10.0|^11.0
- phpmd/phpmd: ^2.13
- phpunit/phpunit: ^11.5.3|^12.0
- dev-master
- 13.0.0
- 12.0.3
- 12.0.2
- 12.0.1
- 12.0.0
- 11.0.0
- 10.0.2
- 10.0.1
- 10.0.0
- 9.0.4
- 9.0.3
- 9.0.2
- 9.0.1
- 9.0.0
- 8.0.0
- 7.0.2
- 7.0.1
- 7.0.0
- 1.0.5
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
- 0.8.3
- 0.8.2
- 0.8.1
- 0.8.0
- 0.7.1
- 0.7.0
- 0.6.12
- 0.6.11
- 0.6.10
- 0.6.9
- 0.6.8
- 0.6.7
- 0.6.6
- 0.6.5
- 0.6.4
- 0.6.3
- 0.6.2
- 0.6.1
- 0.6.0
- 0.5.0
- 0.4.2
- 0.4.1
- 0.4.0
- 0.3.12
- 0.3.11
- 0.3.10
- 0.3.9
- 0.3.8
- 0.3.7
- 0.3.6
- 0.3.5
- 0.3.4
- 0.3.3
- 0.3.2
- 0.3.1
- 0.3.0
- 0.2.4
- 0.2.3
- 0.2.2
- 0.2.1
- 0.2.0
- 0.1.2
- 0.1.1
- 0.1.0
- dev-feat/163-add-laravel-13-support
- dev-feat/164-add-php-8-5-support
- dev-revert-140-l9-compatibility
- dev-dependabot/add-v2-config-file
- dev-feature/upgrade-to-laravel-8
- dev-develop
- dev-feature/fix-middleware-response
- dev-laravel-5.6
- dev-laravel-5.5
- dev-laravel-5.4
This package is auto-updated.
Last update: 2026-03-01 17:34:26 UTC
README
๐๏ธ Table of Contents
- ๐ Summary
- ๐ฆ Installation
- โ๏ธ Configuration
- ๐ Usage
- โ ๏ธ Considerations
- โฌ๏ธ Upgrading
- ๐ค Contributing
- ๐ Security
๐ Summary
Prevent forms from timing out when submitting them after leaving them on-screen for a considerable amount of time. Laravel defaults session lifetime to 120 minutes, but that is configurable and could be different site-by-site.
โ Caffeine works by sending a "drip" โ a lightweight AJAX request at regular
intervals โ to keep the session alive while a form is open. It only activates on
pages with a _token field or a csrf-token meta tag, so all other pages
time-out as normal.
๐ Why This Approach?
This package keeps the integrity of your site's security by avoiding the following:
- ๐ซ Exposing the CSRF Token on an unsecured endpoint.
- ๐ซ Eliminating CSRF Token validation on specific routes, or altogether.
- ๐ซ Removing session-timeout on all pages.
๐ Requirements
- PHP 8.2+
- Laravel 11, 12, or 13
๐ฆ Installation
composer require genealabs/laravel-caffeine
โจ The service provider is auto-discovered. No additional setup is required.
โ๏ธ Configuration
Only publish the config file if you need to customize it:
php artisan caffeine:publish --config
This creates the following config file:
return [ /* |-------------------------------------------------------------------------- | Drip Interval |-------------------------------------------------------------------------- | | Here you may configure the interval with which Caffeine for Laravel | keeps the session alive. By default this is 5 minutes (expressed | in milliseconds). This needs to be shorter than your session | lifetime value configured set in "config/session.php". | | Default: 300000 (int) | */ 'drip-interval' => 300000, /* |-------------------------------------------------------------------------- | Domain |-------------------------------------------------------------------------- | | You may optionally configure a separate domain that you are running | Caffeine for Laravel on. This may be of interest if you have a | monitoring service that queries other apps. Setting this to | null will use the domain of the current application. | | Default: null (null|string) | */ 'domain' => null, /* |-------------------------------------------------------------------------- | Drip Endpoint URL |-------------------------------------------------------------------------- | | Sometimes you may wish to white-label your app and not expose the AJAX | request URLs as belonging to this package. To achieve that you can | rename the URL used for dripping caffeine into your application. | | Default: 'genealabs/laravel-caffeine/drip' (string) | */ 'route' => 'genealabs/laravel-caffeine/drip', /* |-------------------------------------------------------------------------- | Checking for Lapsed Drips |-------------------------------------------------------------------------- | | If the browser tab is suspended due to inactivity or the device is put to | sleep, it will still cause an error when trying to submit the form. To | avoid this, we force-reload the form 2 minutes prior to session | time-out or later. Setting this setting to 0 will disable this | check if you don't want to use it. | | Default: 2000 (int) | */ 'outdated-drip-check-interval' => 2000, /* |-------------------------------------------------------------------------- | Use Route Middleware |-------------------------------------------------------------------------- | | Drips are enabled via route middleware instead of global middleware. | | Default: false (bool) | */ 'use-route-middleware' => false, ];
๐ Usage
That's it! It will apply itself automatically where it finds a form with a
_token field, or a meta tag named "csrf-token", while pages are open in
browsers. ๐
๐ซ Prevent Caffeination
There are two methods to prevent Caffeine from keeping the session alive:
๐ท๏ธ Meta Tag Method
Add the following meta tag to any page you want to exclude:
<meta name="caffeinated" content="false">
๐ฃ๏ธ Route Middleware Method
Publish the config file and set use-route-middleware to true. This disables
the default global middleware mode. Then selectively enable Caffeine on specific
routes or route groups:
Route::any('test', 'TestController@test')->middleware('caffeinated'); Route::middleware(['caffeinated'])->group(function () { Route::any('test', 'TestController@test'); });
๐ Note: This will only have effect if the page includes a form. If not, the page will not caffeinate your application anyway.
โ ๏ธ Considerations
๐ Livewire / Inertia / SPA
This package works by injecting JavaScript that pings a keep-alive endpoint. It is designed for traditional Blade forms. If you are using Livewire or Inertia, their built-in request cycles typically keep the session alive already, so this package is generally unnecessary in those contexts.
๐ง Incompatible Packages
- Voyager has been reported as being incompatible. To work around this, configure Caffeine to use route-based middleware on all non-Voyager routes.
๐ค๏ธ Routes
This package registers routes under genealabs/laravel-caffeine.
โฌ๏ธ Upgrading
0.6.0
This update changed the config file setting names. Delete the published config
file config/genealabs-laravel-caffeine.php if it exists, and re-publish using
the command in the Configuration section.
For all other version changes, see the Releases page on GitHub.
๐ค Contributing
Contributions are welcome! ๐ Please review the Contribution Guidelines and observe the Code of Conduct before submitting a pull request.
๐งช Quality Checklist
- โ Achieve as close to 100% code coverage as possible using unit tests.
- โ Be fully PSR-1, PSR-4, and PSR-12 compliant.
- โ Provide an up-to-date CHANGELOG.md adhering to Keep a Changelog.
- โ Have no PHPMD or PHPCS warnings throughout all code.
๐ Security
If you discover a security vulnerability, please report it via GitHub Security Advisories rather than opening a public issue.
Built with โค๏ธ for the Laravel community using lots of โ by Mike Bronner.
This is an MIT-licensed open-source project. Its continued development is made possible by the community. If you find it useful, please consider ๐ becoming a sponsor and โญ starring it on GitHub.