PHPackages                             ycs77/laravel-recover-session - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. ycs77/laravel-recover-session

ActiveLibrary[Utility &amp; Helpers](/categories/utility)

ycs77/laravel-recover-session
=============================

Recover Laravel session when form post back from third-party API.

v1.2.0(2y ago)24.9k—8.7%2MITPHPPHP &gt;=8.1

Since Jun 11Pushed 1y ago1 watchersCompare

[ Source](https://github.com/ycs77/laravel-recover-session)[ Packagist](https://packagist.org/packages/ycs77/laravel-recover-session)[ Docs](https://github.com/ycs77/laravel-recover-session)[ Patreon](https://www.patreon.com/ycs77)[ RSS](/packages/ycs77-laravel-recover-session/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (7)Dependencies (11)Versions (8)Used By (2)

Laravel Recover Session
=======================

[](#laravel-recover-session)

[![Latest Version on Packagist](https://camo.githubusercontent.com/8caa0fc3cfc282a7ac781ebfdd68d4ecd83109ea0bdeffdb256f20ceae1e216b/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f79637337372f6c61726176656c2d7265636f7665722d73657373696f6e3f7374796c653d666c61742d737175617265)](https://packagist.org/packages/ycs77/laravel-recover-session)[![Software License](https://camo.githubusercontent.com/c090e080484e2a2bc766446291d04437db823929042bf614b26a1643660ddf6f/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e3f7374796c653d666c61742d737175617265)](LICENSE)[![GitHub Tests Action Status](https://camo.githubusercontent.com/798051c024fb09b14867c8ed42f6ec753e47af2bdebdcaec14ebc8689832201e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f79637337372f6c61726176656c2d7265636f7665722d73657373696f6e2f74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/ycs77/laravel-recover-session/actions/workflows/tests.yml?query=branch%3Amain)[![Style CI Build Status](https://camo.githubusercontent.com/1d13800d7948c1e2df281b7cf6105d35f50bebb17975388503ca7b1de909c4c4/68747470733a2f2f6769746875622e7374796c6563692e696f2f7265706f732f3635313937333133342f736869656c643f7374796c653d666c61742d737175617265)](https://github.styleci.io/repos/651973134)[![Total Downloads](https://camo.githubusercontent.com/9654565121f8c354a6a7a15891966095d0667254640f89ba9b4a5f4d83a1d559/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f79637337372f6c61726176656c2d7265636f7665722d73657373696f6e3f7374796c653d666c61742d737175617265)](https://packagist.org/packages/ycs77/laravel-recover-session)

Recover Laravel session when sending a form post request back from a third-party API like NewebPay.

Currently, Laravel's default Cookie SameSite value is set to `Lax`. This setting prevents cookies from being sent when using form post requests to transmit data to websites on other domains. Consequently, after completing a payment and being redirected back to the original website, users may appear to be automatically logged out due to the inability to retrieve the original login cookie. This package addresses and resolves this issue.

Installation
------------

[](#installation)

Via Composer:

```
composer require ycs77/laravel-recover-session
```

Publish config:

```
php artisan vendor:publish --tag=recover-session-config
```

Usage
-----

[](#usage)

Now you need to call `RecoverSession::preserve()` to save the current session ID into the cache and include the key in your callback URL. This allows the current session to be resumed after the API returns with the key:

```
use Ycs77\LaravelRecoverSession\Facades\RecoverSession;

public function pay(Request $request)
{
    $key = RecoverSession::preserve($request);

    ThirdPartyApi::callbackUrl('/pay/callback?sid='.$key);

    // send post form request to the third-party API...
}
```

This package will automatically retrieve the encrypted session ID from the callback URL and restore the original session state upon returning to the site.

> Reference details for the SameSite:

Manually Register Middleware
----------------------------

[](#manually-register-middleware)

If you are not using the global recover session, you can set the config `recover-session.global` to `false`, and adjust the order of the middleware so that `RecoverSession` is placed below `StartSession`. by default, Laravel's `Kernel` does not include the `$middlewarePriority` property, so you need to add it manually.

If you are using Laravel 9 or 10, you should add the `$middlewarePriority` property in your application's `app/Http/Kernel.php` file:

```
class Kernel extends HttpKernel
{
    /**
     * The priority-sorted list of middleware.
     *
     * Forces non-global middleware to always be in the given order.
     *
     * @var string[]
     */
    protected $middlewarePriority = [
        \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
        \Illuminate\Cookie\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Ycs77\LaravelRecoverSession\Middleware\RecoverSession::class, // need to place `RecoverSession` below `StartSession`
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \Illuminate\Contracts\Auth\Middleware\AuthenticatesRequests::class,
        \Illuminate\Routing\Middleware\ThrottleRequests::class,
        \Illuminate\Routing\Middleware\ThrottleRequestsWithRedis::class,
        \Illuminate\Contracts\Session\Middleware\AuthenticatesSessions::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \Illuminate\Auth\Middleware\Authorize::class,
    ];
}
```

If you are using Laravel 11+, you can add the `RecoverSession` middleware to the `$middlewarePriority` property in the `app/Http/Kernel.php` file:

```
->withMiddleware(function (Middleware $middleware) {
    $middleware->priority([
        \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
        \Illuminate\Cookie\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Ycs77\LaravelRecoverSession\Middleware\RecoverSession::class, // need to place `RecoverSession` below `StartSession`
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \Illuminate\Foundation\Http\Middleware\ValidateCsrfToken::class,
        \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        \Illuminate\Routing\Middleware\ThrottleRequests::class,
        \Illuminate\Routing\Middleware\ThrottleRequestsWithRedis::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \Illuminate\Contracts\Auth\Middleware\AuthenticatesRequests::class,
        \Illuminate\Auth\Middleware\Authorize::class,
    ]);
})
```

If you are using Laravel 11.31+, it provides a concise method to append middleware to the priority list:

```
->withMiddleware(function (Middleware $middleware) {
    $middleware->appendToPriorityList(
        \Ycs77\LaravelRecoverSession\Middleware\RecoverSession::class,
        \Illuminate\Routing\Middleware\ValidateSignature::class
    );
})
```

Final, you can add the `RecoverSession` middleware to the callback route for the API:

```
use Ycs77\LaravelRecoverSession\Middleware\RecoverSession;

Route::post('/pay/callback', [PaymentController::class, 'callback'])
    ->middleware(RecoverSession::class);
```

Sponsor
-------

[](#sponsor)

If you think this package has helped you, please consider [Becoming a sponsor](https://www.patreon.com/ycs77) to support my work~ and your avatar will be visible on my major projects.

 [ ![](https://camo.githubusercontent.com/be34c63895cd13789477fcf54bf48d2f6d9e0872b33e3a2a88aa17be43037e9f/68747470733a2f2f63646e2e6a7364656c6976722e6e65742f67682f79637337372f7374617469632f73706f6e736f72732e737667) ](https://www.patreon.com/ycs77)

[ ![Become a Patron](https://camo.githubusercontent.com/ef7b855018f1f680eeba6fd1ac470b9c1971ef883b2f4b9fcf41034274510e3f/68747470733a2f2f63352e70617472656f6e2e636f6d2f65787465726e616c2f6c6f676f2f6265636f6d655f615f706174726f6e5f627574746f6e2e706e67)](https://www.patreon.com/ycs77)Credits
-------

[](#credits)

- [SameSite Cookie 之踩坑過程](https://kira5033.github.io/2020/09/samesite-cookie-%E4%B9%8B%E8%B8%A9%E5%9D%91%E9%81%8E%E7%A8%8B/)
- [imi/laravel-transsid](https://github.com/iMi-digital/laravel-transsid)

License
-------

[](#license)

[MIT LICENSE](LICENSE)

###  Health Score

35

—

LowBetter than 80% of packages

Maintenance31

Infrequent updates — may be unmaintained

Popularity26

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity58

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~1 days

Total

7

Last Release

1063d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/a5a1e0caa0c50990d8ffc70d4a095706a4e2b71bd6a0f08860744f773c6f99a9?d=identicon)[ycs77](/maintainers/ycs77)

---

Top Contributors

[![ycs77](https://avatars.githubusercontent.com/u/38133356?v=4)](https://github.com/ycs77 "ycs77 (27 commits)")

###  Code Quality

TestsPest

### Embed Badge

![Health badge](/badges/ycs77-laravel-recover-session/health.svg)

```
[![Health](https://phpackages.com/badges/ycs77-laravel-recover-session/health.svg)](https://phpackages.com/packages/ycs77-laravel-recover-session)
```

###  Alternatives

[roots/acorn

Framework for Roots WordPress projects built with Laravel components.

9682.1M97](/packages/roots-acorn)[laravel/pulse

Laravel Pulse is a real-time application performance monitoring tool and dashboard for your Laravel application.

1.7k12.1M99](/packages/laravel-pulse)[aedart/athenaeum

Athenaeum is a mono repository; a collection of various PHP packages

245.2k](/packages/aedart-athenaeum)[spatie/laravel-honeypot

Preventing spam submitted through forms

1.6k6.0M60](/packages/spatie-laravel-honeypot)[psalm/plugin-laravel

Psalm plugin for Laravel

3274.9M308](/packages/psalm-plugin-laravel)[proengsoft/laravel-jsvalidation

Validate forms transparently with Javascript reusing your Laravel Validation Rules, Messages, and FormRequest

1.1k2.3M49](/packages/proengsoft-laravel-jsvalidation)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)