Read more
Security Tip: Your JWT Might Be a Forever Key!
[Tip #127] Without an `exp` claim, a JWT can remain valid forever, turning a leaked token into permanent access.
Security Tip: Validate Config at Boot
[Tip #126] Rather than checking for essential config when it's used, throw the checks in your Service Provider - you'll know about configuration failures before your users get a weird error.
In Depth: Email Verification Isn't as Simple as You Think
[In Depth #38] You can't trust an email address you haven't verified, so why are you storing them in your database?
Security Tip: Consider All Routes, Not Just Web!
[Tip #125] routes/web.php is boring and reliable, and routes/api.php is fancy, but have you forgotten one?