Questions

If I have specific routes that I don't want Laravel to use laravel_session. You can apply that to any routes you want.

Ex. For example, if you want to apply to only these 2 routes :

url1 or url2

Route::get('/url1', 'SampleController@fnName');

Route::get('/url2', 'SampleController@fnName2');

Create /app/Http/Middleware/StartSessionMiddleware.php

<?php
namespace App\Http\Middleware;

use Closure;
use Config;

use Illuminate\Session\Middleware\StartSession as BaseStartSession;

class StartSessionMiddleware extends BaseStartSession
{

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next) {

        if($request->is('url1') || $request->is('url2')) {
            Config::set('session.driver', 'array');
        }

        return parent::handle($request, $next);
    }
}

Register that by appending a line into /app/Http/Kernel.php

\App\Http\Middleware\StartSessionMiddleware::class,

and now, that laravel_session should not be there anymore for those 2 routes.

I hope this can help someone.

For anyone searching, in Laravel 5.5+ you can change the env variable SESSION_COOKIE=. If you have a little older app, you might need to set this in config/session.php directly.

Use

if($request->path('url1') || $request->path('url2')) {

to look for a url path. For EU Cookie tracking I used:

<?php
  namespace App\Http\Middleware;

  use Closure;
  use Config;

  use Illuminate\Session\Middleware\StartSession as BaseStartSession;

  class StartSessionMiddleware extends BaseStartSession
  {

/**
 * Handle an incoming request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next) {

    if(!isset($_COOKIE['my-cookie'])) {
        Config::set('session.driver', 'array');
    }

    return parent::handle($request, $next);
  }
}

with my-cookie as the name of the cookie you are setting when user accepts.

If you don't want to start a session at all, in Laravel 5.1 go to app/Http/Kernel.php and comment out the session-related parts:

protected $middleware = [
    \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    // \Illuminate\Session\Middleware\StartSession::class,
    // \Illuminate\View\Middleware\ShareErrorsFromSession::class,
    // \App\Http\Middleware\VerifyCsrfToken::class,
];

Note that it's not sufficient to only rip out the StartSession middleware, you'll also have to disable ShareErrorsFromSession and VerifyCsrfToken since they rely on a session being present. If you want more logic like excluding it for certain routes, you could override the StartSession middelware. I don't know of any other side effects though because I haven't tested it.

If you don't need sessions or all the website related functions because, for instance, you're only building an API, you might want to have a look at Laravel Lumen that is streamlined for this purpose.

And by the way: The session driver only defines where/how to store the session server-side. From the client side it's still just an encrypted cookie.