feat: configure Axios CSRF session handling and extend session lifetime to 1 month #70
…me to 1 month
- Add Axios XSRF-TOKEN cookie config and withCredentials in app.ts (Inertia v2 recommended)
- Add router.on('invalid') handler to auto-reload page on 419 session expiry
- Extend session lifetime default from 120 to 43200 minutes (30 days)
- Update SESSION_LIFETIME in .env.example to match new default
- Add APP_KEY to phpunit.xml for test environment
- Add SessionConfigTest to verify session configuration values
https://claude.ai/code/session_01BJs8g9XYzJPCMxLspC4XzS
axios was imported in app.ts but missing from package.json, which would cause build failures in fresh installs. https://claude.ai/code/session_01BJs8g9XYzJPCMxLspC4XzS
Pull request overview
This PR updates the Laravel + Inertia (Vue 3) application defaults to better handle CSRF/session behavior and to extend session persistence.
Changes:
- Configure Axios defaults in the Inertia app entrypoint and reload the page on Inertia “invalid” events for 419 responses.
- Extend the default Laravel session lifetime to 30 days and update `.env.example` accordingly.
- Add test environment config (`APP_KEY`) and introduce a Pest test asserting key session config defaults.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| resources/js/app.ts | Adds Axios defaults and an Inertia router invalid handler to reload on 419. |
| config/session.php | Changes default SESSION_LIFETIME fallback from 120 to 43200 minutes. |
| .env.example | Updates example SESSION_LIFETIME value to 43200. |
| phpunit.xml | Adds APP_KEY for the test environment. |
| tests/Feature/SessionConfigTest.php | Adds Pest assertions for session config values (lifetime, expire-on-close, httpOnly, sameSite). |
| package.json | Adds Axios as a direct dependency. |
| package-lock.json | Updates lockfile to include Axios at the declared version and its transitive updates. |
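The cookie-to-header step and the reload-on-419 behaviour described in the commit message and review above, as an added example that is not code from this pull request. It mirrors what Axios's `xsrfCookieName` / `xsrfHeaderName` settings automate; the function names, origin and cookie string are hypothetical.

```javascript
// Added example, not the PR's code: the cookie-to-header step that Axios's
// XSRF settings automate, plus a guarded reload decision for HTTP 419.
// Function names, the origin and the cookie string are hypothetical.

// Read one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() !== name) continue;
    try {
      return decodeURIComponent(part.slice(idx + 1).trim());
    } catch (err) {
      return null; // malformed percent-encoding: treat the cookie as absent
    }
  }
  return null;
}

// Copy XSRF-TOKEN into X-XSRF-TOKEN for same-origin requests only, so the
// token is never attached to a request bound for another host.
function csrfHeaders(requestUrl, pageOrigin, cookieString) {
  const target = new URL(requestUrl, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) return {};
  const token = readCookie(cookieString, 'XSRF-TOKEN');
  return token ? { 'X-XSRF-TOKEN': token } : {};
}

// A 419 means the CSRF token or session expired; a full reload fetches a
// fresh one. The time guard stops a reload loop if the server keeps
// answering 419 (for example when cookies are blocked).
function shouldReload(status, lastReloadMs, nowMs, minGapMs = 10000) {
  if (status !== 419) return false;
  return lastReloadMs === null || nowMs - lastReloadMs >= minGapMs;
}

// Constructed sample values.
const PAGE_ORIGIN = 'https://app.example.test';
const SAMPLE_COOKIES = 'theme=dark; XSRF-TOKEN=eyJpdiI6ImFiYyJ9%3D; other=1';

console.log(csrfHeaders('/memories', PAGE_ORIGIN, SAMPLE_COOKIES));
console.log(csrfHeaders('https://cdn.example.net/a.js', PAGE_ORIGIN, SAMPLE_COOKIES));
console.log(shouldReload(419, null, Date.now()));
```

In a browser, the last-reload timestamp would need to live somewhere that survives the reload, such as `sessionStorage`.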
Pull request overview
This PR aims to improve session/CSRF resilience for an Inertia + Axios frontend and align session-related configuration/testing, while also including several ancillary changes (dependency lockfile updates, Docker compose, and some auth/controller behavior changes).
Changes:
- Configure Axios/Inertia client behavior to better handle 419/401 responses (reload-on-expiry) and enable credentialed requests.
- Adjust session-related configuration/examples and add a Pest test asserting key session config values; update test runtime config in `phpunit.xml`.
- Include additional changes not central to session handling (large `composer.lock` updates, new `compose.yaml`, Passport token expiry tweaks, MemoryController query logic change, “remember me” on social login).
Reviewed changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| tests/Feature/SessionConfigTest.php | Adds Pest assertions for session config values (incl. lifetime). |
| resources/js/app.ts | Adds Axios defaults + interceptor and an Inertia router invalid handler to reload on expiry. |
| phpunit.xml | Adds APP_KEY and changes DB env configuration for tests. |
| bootstrap/app.php | Adds global exception response customization for 419 handling. |
| .env.example | Updates SESSION_LIFETIME example value to 43200 (30 days). |
| app/Http/Controllers/Auth/SocialAuthController.php | Switches social logins to remember: true. |
| app/Providers/AppServiceProvider.php | Sets Laravel Passport token expiry durations. |
| app/Http/Controllers/MemoryController.php | Reworks filtering/pagination to be in-memory using a collection + manual paginator. |
| compose.yaml | Adds a Sail-oriented compose setup including MySQL/Redis/RustFS. |
| composer.lock | Large dependency set update. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Pull request overview
This PR aims to improve CSRF/session-expiry handling for an Inertia + Laravel app (including Axios defaults and client/server handling of 419 responses) and to extend the default session lifetime to ~30 days, with supporting test/config updates.
Changes:
- Configure frontend request behavior for CSRF/session expiry (Axios defaults + reload handling; Inertia invalid handler).
- Adjust session lifetime defaults/documentation and add tests + testing APP_KEY.
- Update dependencies (`composer.lock`) and add a dev `compose.yaml` stack.
Reviewed changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| resources/js/app.ts | Adds Axios defaults and response interceptors; adds Inertia router.on('invalid') reload behavior. |
| bootstrap/app.php | Adds exception response customization for 419 responses (Inertia vs non-Inertia handling). |
| tests/Feature/SessionConfigTest.php | Adds session config assertions (lifetime/flags). |
| phpunit.xml | Sets APP_KEY for the test environment. |
| .env.example | Updates SESSION_LIFETIME example value to 43200. |
| app/Http/Controllers/MemoryController.php | Reworks memory listing/filtering/pagination logic. |
| app/Providers/AppServiceProvider.php | Sets Laravel Passport token expiry durations. |
| app/Http/Controllers/Auth/SocialAuthController.php | Makes social login persistent (remember: true) and adjusts imports/docblock. |
| compose.yaml | Adds Sail + MySQL/Redis/RustFS dev compose setup. |
| composer.lock | Updates PHP dependencies lockfile. |
Pull request overview
This PR aims to improve session/CSRF handling for an Inertia + Axios Laravel app by configuring Axios credentials/CSRF behavior, adding client/server handling for expired sessions, and updating session lifetime-related configuration and tests.
Changes:
- Configure Axios defaults and add client-side auto-reload behavior for expired/invalid sessions.
- Add/adjust server-side 419 handling and introduce a Pest test asserting session configuration values.
- Update local/dev/test configuration files (phpunit.xml, .env.example, compose.yaml) and refresh PHP dependencies in composer.lock.
Reviewed changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| resources/js/app.ts | Adds Axios defaults + interceptor and an Inertia router.on('invalid') handler to reload on session expiry. |
| bootstrap/app.php | Adds an exception response hook to customize behavior for HTTP 419 responses. |
| tests/Feature/SessionConfigTest.php | Adds Pest assertions for session configuration (lifetime, httpOnly, sameSite, etc.). |
| phpunit.xml | Adds an APP_KEY for the test environment. |
| .env.example | Updates the example SESSION_LIFETIME to 43200 (30 days). |
| app/Http/Controllers/Auth/SocialAuthController.php | Uses “remember me” for OAuth logins and regenerates sessions after login. |
| app/Http/Controllers/MemoryController.php | Refactors query building for memory listing and project list generation. |
| app/Providers/AppServiceProvider.php | Sets Laravel Passport access/refresh/personal token expiration durations. |
| compose.yaml | Adds a Sail-style Docker Compose setup (app/mysql/redis/rustfs). |
| composer.lock | Updates locked dependency versions (framework, inertia-laravel, pest/phpunit, etc.). |
Pull request overview
This PR aims to improve CSRF/session-expiry handling in the Inertia/Vue frontend and align server-side session configuration with a longer (30-day) session lifetime, while also adding test/env coverage for those settings.
Changes:
- Configure Axios defaults + add client-side reload behavior on session expiry (419) via Axios interceptor and Inertia router event.
- Update session lifetime configuration surfaced via `.env.example` and `phpunit.xml`, plus add a new session config test.
- Includes additional changes: Docker Compose (`compose.yaml`) addition and broad PHP dependency updates in `composer.lock`.
Reviewed changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| resources/js/app.ts | Adds Axios defaults/interceptor and an Inertia router handler to reload on session invalidation. |
| bootstrap/app.php | Adds exception response customization for 419 JSON responses. |
| app/Providers/AppServiceProvider.php | Adjusts Laravel Passport token expiry configuration. |
| app/Http/Controllers/MemoryController.php | Refactors memories query building and project list retrieval. |
| app/Http/Controllers/Auth/SocialAuthController.php | Changes OAuth login behavior (remember-me + session regeneration). |
| .env.example | Updates example SESSION_LIFETIME to 43200 minutes (30 days). |
| phpunit.xml | Sets APP_KEY and SESSION_LIFETIME for the test environment. |
| tests/Feature/SessionConfigTest.php | Adds session configuration assertions. |
| compose.yaml | Introduces a Docker Compose definition for local development services. |
| composer.lock | Updates a large set of PHP dependencies/lockfile entries. |
… Pest, Socialite, Tailwind CSS, and Wayfinder development
Pull request overview
This PR aims to make session/CSRF expiry behavior smoother for Inertia + Axios requests, while aligning environment/test configuration with a longer session lifetime and adding some local dev / AI tool configuration.
Changes:
- Configure Axios/Inertia client behavior to auto-reload on session expiry (419) and set Axios to send credentials.
- Update testing/environment defaults (phpunit + .env.example) and add a Pest test for session-related config.
- Bump Laravel MCP / Boost dependencies and add supporting tool configuration files (Boost/OpenCode/Codex/MCP), plus a new `compose.yaml`.
Reviewed changes
Copilot reviewed 32 out of 35 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| tests/Feature/SessionConfigTest.php | Adds Pest coverage around session config values. |
| resources/js/app.ts | Adds Axios defaults + interceptor and Inertia router.on('invalid') reload behavior for expired sessions. |
| phpunit.xml | Sets testing APP_KEY and SESSION_LIFETIME env values. |
| opencode.json | Adds OpenCode MCP configuration for laravel-boost. |
| composer.lock | Updates lockfile for dependency bumps. |
| composer.json | Bumps laravel/mcp and laravel/boost version constraints. |
| compose.yaml | Adds Sail-style Docker Compose services (mysql/redis/rustfs). |
| bootstrap/app.php | Adds exception response customization for 419 JSON responses. |
| boost.json | Adds Laravel Boost configuration (agents/skills/packages). |
| app/Providers/AppServiceProvider.php | Configures Passport token expiration settings. |
| app/Http/Controllers/MemoryController.php | Refactors index query building and project list retrieval. |
| app/Http/Controllers/Auth/SocialAuthController.php | Adjusts OAuth login to use “remember me” and regenerates session after login. |
| CLAUDE.md | Removes Claude-specific repository guidance file. |
| AGENTS.md | Removes repository guidance file. |
| .mcp.json | Switches MCP server command to run via Sail. |
| .gitignore | Ignores removed agent docs + local skills directories. |
| .github/skills/wayfinder-development/SKILL.md | Adds Wayfinder skill documentation. |
| .github/skills/tailwindcss-development/SKILL.md | Adds Tailwind v4 skill documentation. |
| .github/skills/socialite-development/SKILL.md | Adds Socialite skill documentation. |
| .github/skills/pest-testing/SKILL.md | Adds Pest v4 skill documentation. |
| .github/skills/passport-development/SKILL.md | Adds Passport skill documentation. |
| .github/skills/mcp-development/SKILL.md | Adds MCP skill documentation. |
| .github/skills/inertia-vue-development/SKILL.md | Adds Inertia + Vue skill documentation. |
| .github/skills/fortify-development/SKILL.md | Adds Fortify skill documentation. |
| .env.example | Updates example SESSION_LIFETIME to 30 days. |
| .codex/config.toml | Adds Codex MCP server configuration. |
| .ai/skills/wayfinder-development/SKILL.md | Adds Wayfinder skill documentation (AI tool directory). |
| .ai/skills/tailwindcss-development/SKILL.md | Adds Tailwind v4 skill documentation (AI tool directory). |
| .ai/skills/socialite-development/SKILL.md | Adds Socialite skill documentation (AI tool directory). |
| .ai/skills/pest-testing/SKILL.md | Adds Pest v4 skill documentation (AI tool directory). |
| .ai/skills/passport-development/SKILL.md | Adds Passport skill documentation (AI tool directory). |
| .ai/skills/mcp-development/SKILL.md | Adds MCP skill documentation (AI tool directory). |
| .ai/skills/inertia-vue-development/SKILL.md | Adds Inertia + Vue skill documentation (AI tool directory). |
| .ai/skills/fortify-development/SKILL.md | Adds Fortify skill documentation (AI tool directory). |
https://claude.ai/code/session_01BJs8g9XYzJPCMxLspC4XzS