I'm trying to wrap my head around how Laravel handles session data without digging too deeply into the code, due to time contraints.
It appears that the session ID ('laravel_session', by default) which is stored in a cookie is encrypted, because it is a different, much longer value than I get if I print the value of Session::getId()
So I'm assuming that Laravel is encrypting this value before dropping the cookie, and then decrypting the value to do the session data look-up every time session data is required.
So I guess my first question is:
1. Why is the session ID obfuscated like this? I'm presuming that it is for security purposes?
Secondly, I see no 'user_id' (or similarly worded) key in the actual session data once it has been pulled from disk. In fact, the only thing I see aside from the CSRF _token value is some entry like 'login_42e5d2c566bd0811218f0cf078b76bfd' = 1.
2. What is this data responsible for?
3. Can someone please give me a brief overview of how Laravel associates the session data with a specific user ID?
Why are you digging into the session to get the user ID? You can have sessions without logging in - so user ID doesnt always mean something.
If you want the currently logged in user - then you should be using Auth::user()->id