README

The default database session handler of Laravel stores the IP and User Agent in the session. This is problematic in many ways, as this is data that is unnecessary, not well protected, and not even used anywhere, also leading to issues with the GDPR. This database handler is exactly the same as the original one, but removes this unnecessary data.

Installation

You can install the package via composer:

composer require hexafuchs/laravel-database-privacy

Usage

If you want to make sure you get the session table of this package, use the following artisan command:

php artisan make:privacy-session-table

The package also tries to hook into the original command, but you should check your migration file to make sure ìp_address and user_agent are missing.

Also, of course, change your session handler to database in your .env or using the method of you prefer.

To check everything is working correctly, you can execute the following command (assuming your session handler is the same in the CLI and on the webserver):

php artisan session:handler

It should return Hexafuchs\PrivacyFriendlyDatabaseSessionHandler\PrivacyFriendlyDatabaseSessionHandler.

If it does not work, try manually adding the provider to your bootstrap/providers.php:

return [
    ...,
    \Hexafuchs\PrivacyFriendlyDatabaseSessionHandler\PrivacyFriendlyDatabaseSessionHandlerServiceProvider::class,
];

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

License

The MIT License (MIT). Please see License File for more information.