The default database session handler of Laravel stores the IP and User Agent in the session. This is problematic in many ways, as this is data that is unnecessary, not well protected, and not even used anywhere, also leading to issues with the GDPR. This database handler is exactly the same as the original one, but removes this unnecessary data.
You can install the package via composer:
composer require hexafuchs/laravel-database-privacyIf you want to make sure you get the session table of this package, use the following artisan command:
php artisan make:privacy-session-tableThe package also tries to hook into the original command, but you should check your migration file to make sure
ìp_address and user_agent are missing.
Also, of course, change your session handler to database in your .env or using the method of you prefer.
To check everything is working correctly, you can execute the following command (assuming your session handler is the same in the CLI and on the webserver):
php artisan session:handlerIt should return Hexafuchs\PrivacyFriendlyDatabaseSessionHandler\PrivacyFriendlyDatabaseSessionHandler.
If it does not work, try manually adding the provider to your bootstrap/providers.php:
return [
...,
\Hexafuchs\PrivacyFriendlyDatabaseSessionHandler\PrivacyFriendlyDatabaseSessionHandlerServiceProvider::class,
];composer testPlease see CHANGELOG for more information on what has changed recently.
The MIT License (MIT). Please see License File for more information.