|
|
- <?php
-
- use Illuminate\Support\Str;
-
- return [
-
- /*
- |--------------------------------------------------------------------------
- | Default Session Driver
- |--------------------------------------------------------------------------
- |
- | This option determines the default session driver that is utilized for
- | incoming requests. Laravel supports a variety of storage options to
- | persist session data. Database storage is a great default choice.
- |
- | Supported: "file", "cookie", "database", "apc",
- | "memcached", "redis", "dynamodb", "array"
- |
- */
-
- 'driver' => env('SESSION_DRIVER', 'database'),
-
- /*
- |--------------------------------------------------------------------------
- | Session Lifetime
- |--------------------------------------------------------------------------
- |
- | Here you may specify the number of minutes that you wish the session
- | to be allowed to remain idle before it expires. If you want them
- | to expire immediately when the browser is closed then you may
- | indicate that via the expire_on_close configuration option.
- |
- */
-
- 'lifetime' => env('SESSION_LIFETIME', 120),
-
- 'expire_on_close' => env('SESSION_EXPIRE_ON_CLOSE', false),
-
- /*
- |--------------------------------------------------------------------------
- | Session Encryption
- |--------------------------------------------------------------------------
- |
- | This option allows you to easily specify that all of your session data
- | should be encrypted before it's stored. All encryption is performed
- | automatically by Laravel and you may use the session like normal.
- |
- */
-
- 'encrypt' => env('SESSION_ENCRYPT', false),
-
- /*
- |--------------------------------------------------------------------------
- | Session File Location
- |--------------------------------------------------------------------------
- |
- | When utilizing the "file" session driver, the session files are placed
- | on disk. The default storage location is defined here; however, you
- | are free to provide another location where they should be stored.
- |
- */
-
- 'files' => storage_path('framework/sessions'),
-
- /*
- |--------------------------------------------------------------------------
- | Session Database Connection
- |--------------------------------------------------------------------------
- |
- | When using the "database" or "redis" session drivers, you may specify a
- | connection that should be used to manage these sessions. This should
- | correspond to a connection in your database configuration options.
- |
- */
-
- 'connection' => env('SESSION_CONNECTION'),
-
- /*
- |--------------------------------------------------------------------------
- | Session Database Table
- |--------------------------------------------------------------------------
- |
- | When using the "database" session driver, you may specify the table to
- | be used to store sessions. Of course, a sensible default is defined
- | for you; however, you're welcome to change this to another table.
- |
- */
-
- 'table' => env('SESSION_TABLE', 'sessions'),
-
- /*
- |--------------------------------------------------------------------------
- | Session Cache Store
- |--------------------------------------------------------------------------
- |
- | When using one of the framework's cache driven session backends, you may
- | define the cache store which should be used to store the session data
- | between requests. This must match one of your defined cache stores.
- |
- | Affects: "apc", "dynamodb", "memcached", "redis"
- |
- */
-
- 'store' => env('SESSION_STORE'),
-
- /*
- |--------------------------------------------------------------------------
- | Session Sweeping Lottery
- |--------------------------------------------------------------------------
- |
- | Some session drivers must manually sweep their storage location to get
- | rid of old sessions from storage. Here are the chances that it will
- | happen on a given request. By default, the odds are 2 out of 100.
- |
- */
-
- 'lottery' => [2, 100],
-
- /*
- |--------------------------------------------------------------------------
- | Session Cookie Name
- |--------------------------------------------------------------------------
- |
- | Here you may change the name of the session cookie that is created by
- | the framework. Typically, you should not need to change this value
- | since doing so does not grant a meaningful security improvement.
- |
- */
-
- 'cookie' => env(
- 'SESSION_COOKIE',
- Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
- ),
-
- /*
- |--------------------------------------------------------------------------
- | Session Cookie Path
- |--------------------------------------------------------------------------
- |
- | The session cookie path determines the path for which the cookie will
- | be regarded as available. Typically, this will be the root path of
- | your application, but you're free to change this when necessary.
- |
- */
-
- 'path' => env('SESSION_PATH', '/'),
-
- /*
- |--------------------------------------------------------------------------
- | Session Cookie Domain
- |--------------------------------------------------------------------------
- |
- | This value determines the domain and subdomains the session cookie is
- | available to. By default, the cookie will be available to the root
- | domain and all subdomains. Typically, this shouldn't be changed.
- |
- */
-
- 'domain' => env('SESSION_DOMAIN'),
-
- /*
- |--------------------------------------------------------------------------
- | HTTPS Only Cookies
- |--------------------------------------------------------------------------
- |
- | By setting this option to true, session cookies will only be sent back
- | to the server if the browser has a HTTPS connection. This will keep
- | the cookie from being sent to you when it can't be done securely.
- |
- */
-
- 'secure' => env('SESSION_SECURE_COOKIE'),
-
- /*
- |--------------------------------------------------------------------------
- | HTTP Access Only
- |--------------------------------------------------------------------------
- |
- | Setting this value to true will prevent JavaScript from accessing the
- | value of the cookie and the cookie will only be accessible through
- | the HTTP protocol. It's unlikely you should disable this option.
- |
- */
-
- 'http_only' => env('SESSION_HTTP_ONLY', true),
-
- /*
- |--------------------------------------------------------------------------
- | Same-Site Cookies
- |--------------------------------------------------------------------------
- |
- | This option determines how your cookies behave when cross-site requests
- | take place, and can be used to mitigate CSRF attacks. By default, we
- | will set this value to "lax" to permit secure cross-site requests.
- |
- | See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
- |
- | Supported: "lax", "strict", "none", null
- |
- */
-
- 'same_site' => env('SESSION_SAME_SITE', 'lax'),
-
- /*
- |--------------------------------------------------------------------------
- | Partitioned Cookies
- |--------------------------------------------------------------------------
- |
- | Setting this value to true will tie the cookie to the top-level site for
- | a cross-site context. Partitioned cookies are accepted by the browser
- | when flagged "secure" and the Same-Site attribute is set to "none".
- |
- */
-
- 'partitioned' => env('SESSION_PARTITIONED_COOKIE', false),
-
- ];
|