JSON requests and $request->json()

Intermediate5 min read·lv-09-005

Concept

Cookies in Laravel are automatically encrypted (via EncryptCookies middleware) and decoded on read. All cookies set by Laravel are signed/encrypted with APP_KEY, preventing tampering.

Reading cookies: $request->cookie(string $name): Returns the decrypted cookie value. $request->hasCookie(string $name): Check existence.

Setting cookies: Cookie::make(), Cookie::queue(), response()->cookie(). Cookie::queue() adds a cookie to the response for the current request; response()->cookie() attaches to a specific response.

Session is separate from cookies — $request->session() accesses the current session driver's data. The session ID is stored in a cookie, but session data is server-side.

$request->session(): Returns the Session instance. Methods: get($key), put($key, $value), push($key, $value), forget($key), all(), has($key), flush(), regenerate(), invalidate().

Flash data: Session data that lasts one request. session()->flash('status', 'Saved!'). session()->keep(['status']) keeps flash data for another request. $request->session()->flashInput() — flash current input for repopulation.

The session() helper: session('key', 'default') gets. session(['key' => 'value']) sets.

Code Example

php

<?php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cookie;

// Reading cookies (decrypted automatically)
public function readCookies(Request $request): void
{
    $theme   = $request->cookie('user_theme', 'light');
    $consent = $request->cookie('cookie_consent');
    $hasLang = $request->hasCookie('language');
}

// Setting cookies on response
public function setPreference(Request $request): \Illuminate\Http\Response
{
    return response('Preference saved')
        ->cookie('user_theme', $request->theme, 60 * 24 * 365)   // 1 year
        ->cookie('language', $request->lang, 60 * 24 * 30);       // 30 days
}

// Cookie::queue — set cookie without building response
Cookie::queue('tracking_id', bin2hex(random_bytes(16)), 60 * 24 * 365);

// Forget a cookie
return response()->withoutCookie('old_cookie');

// Session — reading
public function dashboard(Request $request): View
{
    $userId = $request->session()->get('user_id');
    $alerts = session('alerts', []); // helper shorthand

    return view('dashboard', compact('userId', 'alerts'));
}

// Session — writing
public function update(Request $request): RedirectResponse
{
    // ... update logic ...
    $request->session()->put('last_updated', now());
    $request->session()->push('activity', 'profile_updated');

    // Flash (one-request session data)
    $request->session()->flash('success', 'Profile updated successfully!');

    return redirect()->route('profile.show');
}

// Session — in Blade template
// {{ session('success') }}
// @if(session('success'))
//     <div class="alert">{{ session('success') }}</div>
// @endif

// Clearing session
$request->session()->forget(['cart', 'coupon']);
$request->session()->flush(); // clear everything
$request->session()->regenerate(); // new session ID (after login)

PreviousFile uploads — $request->file(), store(), storeAs()Request & Input NextForm Request classes — custom request validation and authorizationRequest & Input