
haifanghui/session-monster
==========================

A monster eating session cookies - works with Varnish + Laravel


Since Sep 28 | Pushed 11y ago | 1 watchers

[Source](https://github.com/HaiFangHui/sessionmonster) | [Packagist](https://packagist.org/packages/haifanghui/session-monster)

sessionmonster
==============


SessionMonster eats sessions in Laravel

Why?
====

In theory, Varnish should be able to cache all the traffic, provided that:

- The response is a "function" of the current state
- The state is defined solely by the request body

However, if the request sent to Varnish carries a session cookie (`laravelsessionid=blahblah`), Varnish has to pass all the traffic for that request through to the backend without caching, because it cannot look into Laravel's session storage system.

Varnish also cannot cache a response from the web server if it comes back with a cookie.

Ideally, if there is no requirement for session storage, our application should not start a new session or load an existing one. If no new session is created, the web application should set no cookie. In that case, Varnish should be aggressively caching all the traffic.

The goal of this project is to delay setting the session cookie until doing so becomes meaningful.

For example, when a new client (A) comes to , then goes to  to view all the news about the Australian property market, no session cookie should be set in his browser during the whole process. However, when A goes to  and logs in, a session *should be* created, since the user's ID would be stored in it.

How it works?
=============

When SessionMonster registers itself via `SessionMonsterServiceProvider`, it injects a closure into Laravel's response hook. For each response, the closure works out whether the session storage holds any valuable session data.

When SessionMonster finds that the session holds no data, it sends an `X-No-Session: yeah` header with the response. The corresponding Varnish VCL section looks like this:

```
    if (beresp.http.X-No-Session ~ "yeah") {
        unset beresp.http.set-cookie;
    }

```

This strips all cookies from the response if the `X-No-Session` header is `yeah`.
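The backend-side decision described above, sketched as an added example in plain PHP (not SessionMonster's own code). The function names, the list of bookkeeping keys and the GET/HEAD and status 200 restriction are assumptions made for illustration; the sample sessions are constructed.

```php
<?php
// Added example: hypothetical helpers, not SessionMonster's implementation.

// Assumption: keys the framework writes into every session on its own.
const BOOKKEEPING_KEYS = ['_token', '_previous', 'flash', '_flash'];

/** True when the session holds nothing but framework bookkeeping. */
function sessionIsEmpty(array $session): bool
{
    foreach ($session as $key => $value) {
        if (!in_array($key, BOOKKEEPING_KEYS, true)) {
            return false; // application data present: the cookie must survive
        }
        // Pending flash entries are real state for the next request.
        if (($key === 'flash' || $key === '_flash') && is_array($value)
            && (!empty($value['new']) || !empty($value['old']))) {
            return false;
        }
    }
    return true;
}

/** Headers to add to the response; an empty array keeps Set-Cookie intact. */
function noSessionHeaders(array $session, string $method, int $status): array
{
    // Fail closed (assumption): only successful, safe reads may lose the cookie.
    if (!in_array($method, ['GET', 'HEAD'], true) || $status !== 200) {
        return [];
    }
    return sessionIsEmpty($session) ? ['X-No-Session' => 'yeah'] : [];
}

// Constructed sample sessions.
$anonymous = ['_token' => 'constructed-token', 'flash' => ['old' => [], 'new' => []]];
$loggedIn  = $anonymous + ['login_user_id' => 42];

$cases = [['GET', $anonymous], ['GET', $loggedIn], ['POST', $anonymous]];
foreach ($cases as [$method, $session]) {
    // Only the anonymous GET is marked; the other two keep their cookie.
    printf("%-4s %s\n", $method, json_encode(noSessionHeaders($session, $method, 200)));
}
```

Treating `_token` as bookkeeping assumes the response does not embed the CSRF token in a form; a page that does needs its session cookie and should not be served from a shared cache.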

This project is used on the HaiFangHui.com production site, and it serves us pretty well.

### Health Score

27: Low (better than 49% of packages)

- Maintenance: 20. Infrequent updates, may be unmaintained
- Popularity: 28. Limited adoption so far
- Community: 10. Small or concentrated contributor base
- Maturity: 41. Maturing project, gaining track record
- Bus Factor: 1. Top contributor holds 100% of commits, a single point of failure

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers: [haifanghui](/maintainers/haifanghui)

Top Contributors: [qsun](https://github.com/qsun) (6 commits)

