How to disable cookies in Laravel 5?

Question

I'm having single-page app made on Laravel 5.1. I use localStorage to keep API key and I don't need cookies. Laravel creates two cookies for me:

• XSRF-TOKEN
• laravel_session

If I set SESSION_DRIVER to array in my environment config, laravel_session cookie is no longer generated.

But I think there might be a problem with XSRF-TOKEN cookie, because I found out this piece of code in VerifyCsrfToken middleware class:

public function handle($request, Closure $next)
{
    if ($this->isReading($request) || $this->shouldPassThrough($request) || $this->tokensMatch($request)) {
        return $this->addCookieToResponse($request, $next($request));
    }

    throw new TokenMismatchException;
}

And addCookieToResponse method looks like this:

protected function addCookieToResponse($request, $response)
{
    $config = config('session');

    $response->headers->setCookie(
        new Cookie(
            'XSRF-TOKEN', $request->session()->token(), time() + 60 * 120,
            $config['path'], $config['domain'], false, false
        )
    );

    return $response;
}

It seems like it sets this cookie no matter what. I could disable this middleware, but I want to use it to verify CSRF token with HTTP headers. Can I disable cookies completely?

Answer 1

Simply comment out the lines in app\Http\Kernel.php which related to cookies and sessions. The following ones which I found;

\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,

Hope it helps.