Coding
With Stef


21st January 2021  •  General

How to stop Laravel setting default cookies

This post includes affiliate links; I may receive compensation if you purchase products or services from links provided in this article.

We've all seen them a million times and they annoy us way more than they solve a problem.

Cookie consent banners have become so common these days that half the time I just click the button to get rid of them without a second thought.

When I started this website I set out with a clear set of goals in mind - simple, quick and informative. One thing that doesn't fit in with those ideals is a horrible cookie banner. So I looked for a solution.

When do you need a cookie banner?

As far as I understand it (and I'm no legal expert!) you need a cookie consent banner when you store information in cookies or via other methods (such as local storage) and they are not required in order for the site to function.

You don't need to have one when you only use cookies in order for the site to function correctly - such as to remember a user is logged in.

So what did I decide?

This site is intentionally simple.

Even though it's built in Laravel, it's essentially a static site.

There are no logins or other bells and whistles.

Therefore I decided there was no reason to store cookies at all - removing the requirement to have a cookie consent banner. Simple.

Stop Laravel setting cookies

Even if you're not using any features that require cookies, by default Laravel sets two - a laravel_session cookie, and an XSRF-TOKEN cookie.

I don't need the session cookie because I'm not using sessions for anything on the site.

There are also no forms on the website, so the XSRF token is not required either.

To stop Laravel creating these cookies, first I commented out the following lines in app/Http/Kernel.php:

'web' => [
    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    //\Illuminate\Session\Middleware\StartSession::class,
    //\Illuminate\Session\Middleware\AuthenticateSession::class,
    //\Illuminate\View\Middleware\ShareErrorsFromSession::class,
    //\App\Http\Middleware\VerifyCsrfToken::class,
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],

Then, I set the session driver to array in my .env file:

SESSION_DRIVER=array

As simple as that.
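
To confirm the change and stop it regressing, a feature test can assert that no Set-Cookie header is sent and that, with CSRF verification switched off, the web group exposes no state-changing routes. This is an added example, not code from the original post; the file location, the class name and the '/' URL are assumptions.

```php
<?php

namespace Tests\Feature;

use Tests\TestCase;

// Added example; assumed location: tests/Feature/NoCookiesTest.php
class NoCookiesTest extends TestCase
{
    // Assumption: '/' is a public page; list the site's own URLs here.
    private const PAGES = ['/'];

    public function test_pages_set_no_cookies(): void
    {
        foreach (self::PAGES as $uri) {
            $response = $this->get($uri)->assertOk();
            $names = array_map(
                fn ($cookie) => $cookie->getName(),
                $response->headers->getCookies()
            );
            $this->assertSame([], $names, "Set-Cookie sent for {$uri}");
        }
    }

    public function test_web_group_is_stateless_and_read_only(): void
    {
        $router = $this->app['router'];

        // Checked directly, so the result does not depend on the
        // session driver used by the test environment.
        $web = $router->getMiddlewareGroups()['web'] ?? [];
        foreach ([
            \Illuminate\Session\Middleware\StartSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
        ] as $middleware) {
            $this->assertNotContains($middleware, $web);
        }

        // With CSRF verification off, no web route may accept writes.
        $writable = [];
        foreach ($router->getRoutes() as $route) {
            $writes = array_diff($route->methods(), ['GET', 'HEAD']);
            if ($writes && in_array('web', $route->middleware(), true)) {
                $writable[] = implode('|', $writes) . ' ' . $route->uri();
            }
        }
        $this->assertSame([], $writable, 'State-changing web routes found');
    }
}
```

If a form or login is added later, the second test fails until the session and CSRF middleware are restored for those routes.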

What about stats?

The usual culprits for storing cookies that aren't required for a site to function are those set by a stats service such as Google Analytics.

Obviously I want to see how my site's performing, how visitors find the site, see which posts are popular and what type of content goes down well with visitors.

That shouldn't mean my site has to set intrusive cookies.

And so I looked around for an alternative and found Fathom.

Fathom take privacy very seriously, and their stats service doesn't store any cookies at all. It tracks visitors anonymously so I can see a simple set of stats about my site - visitors, referrals, bounce rate, time on site, country etc.

This means everyone can be happy - no cookie banner, no intrusive cookies. It even respects visitors who have opted out of tracking services.

Thanks for reading, hopefully you found this article useful. If you want to chat about anything in this article or about anything to do with code you can find me on Twitter @CodingWithStef, and on my YouTube channel.
