123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199 |
- <?php
- use Illuminate\Support\Str;
- return [
- /*
- |--------------------------------------------------------------------------
- | Default Session Driver
- |--------------------------------------------------------------------------
- |
- | This option controls the default session "driver" that will be used on
- | requests. By default, we will use the lightweight native driver but
- | you may specify any of the other wonderful drivers provided here.
- |
- | Supported: "file", "cookie", "database", "apc",
- | "memcached", "redis", "dynamodb", "array"
- |
- */
- 'driver' => env('SESSION_DRIVER', 'file'),
- /*
- |--------------------------------------------------------------------------
- | Session Lifetime
- |--------------------------------------------------------------------------
- |
- | Here you may specify the number of minutes that you wish the session
- | to be allowed to remain idle before it expires. If you want them
- | to immediately expire on the browser closing, set that option.
- |
- */
- 'lifetime' => env('SESSION_LIFETIME', 120),
- 'expire_on_close' => false,
- /*
- |--------------------------------------------------------------------------
- | Session Encryption
- |--------------------------------------------------------------------------
- |
- | This option allows you to easily specify that all of your session data
- | should be encrypted before it is stored. All encryption will be run
- | automatically by Laravel and you can use the Session like normal.
- |
- */
- 'encrypt' => false,
- /*
- |--------------------------------------------------------------------------
- | Session File Location
- |--------------------------------------------------------------------------
- |
- | When using the native session driver, we need a location where session
- | files may be stored. A default has been set for you but a different
- | location may be specified. This is only needed for file sessions.
- |
- */
- 'files' => storage_path('framework/sessions'),
- /*
- |--------------------------------------------------------------------------
- | Session Database Connection
- |--------------------------------------------------------------------------
- |
- | When using the "database" or "redis" session drivers, you may specify a
- | connection that should be used to manage these sessions. This should
- | correspond to a connection in your database configuration options.
- |
- */
- 'connection' => env('SESSION_CONNECTION', null),
- /*
- |--------------------------------------------------------------------------
- | Session Database Table
- |--------------------------------------------------------------------------
- |
- | When using the "database" session driver, you may specify the table we
- | should use to manage the sessions. Of course, a sensible default is
- | provided for you; however, you are free to change this as needed.
- |
- */
- 'table' => 'sessions',
- /*
- |--------------------------------------------------------------------------
- | Session Cache Store
- |--------------------------------------------------------------------------
- |
- | When using the "apc", "memcached", or "dynamodb" session drivers you may
- | list a cache store that should be used for these sessions. This value
- | must match with one of the application's configured cache "stores".
- |
- */
- 'store' => env('SESSION_STORE', null),
- /*
- |--------------------------------------------------------------------------
- | Session Sweeping Lottery
- |--------------------------------------------------------------------------
- |
- | Some session drivers must manually sweep their storage location to get
- | rid of old sessions from storage. Here are the chances that it will
- | happen on a given request. By default, the odds are 2 out of 100.
- |
- */
- 'lottery' => [2, 100],
- /*
- |--------------------------------------------------------------------------
- | Session Cookie Name
- |--------------------------------------------------------------------------
- |
- | Here you may change the name of the cookie used to identify a session
- | instance by ID. The name specified here will get used every time a
- | new session cookie is created by the framework for every driver.
- |
- */
- 'cookie' => env(
- 'SESSION_COOKIE',
- Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
- ),
- /*
- |--------------------------------------------------------------------------
- | Session Cookie Path
- |--------------------------------------------------------------------------
- |
- | The session cookie path determines the path for which the cookie will
- | be regarded as available. Typically, this will be the root path of
- | your application but you are free to change this when necessary.
- |
- */
- 'path' => '/',
- /*
- |--------------------------------------------------------------------------
- | Session Cookie Domain
- |--------------------------------------------------------------------------
- |
- | Here you may change the domain of the cookie used to identify a session
- | in your application. This will determine which domains the cookie is
- | available to in your application. A sensible default has been set.
- |
- */
- 'domain' => env('SESSION_DOMAIN', null),
- /*
- |--------------------------------------------------------------------------
- | HTTPS Only Cookies
- |--------------------------------------------------------------------------
- |
- | By setting this option to true, session cookies will only be sent back
- | to the server if the browser has a HTTPS connection. This will keep
- | the cookie from being sent to you if it can not be done securely.
- |
- */
- 'secure' => env('SESSION_SECURE_COOKIE'),
- /*
- |--------------------------------------------------------------------------
- | HTTP Access Only
- |--------------------------------------------------------------------------
- |
- | Setting this value to true will prevent JavaScript from accessing the
- | value of the cookie and the cookie will only be accessible through
- | the HTTP protocol. You are free to modify this option if needed.
- |
- */
- 'http_only' => true,
- /*
- |--------------------------------------------------------------------------
- | Same-Site Cookies
- |--------------------------------------------------------------------------
- |
- | This option determines how your cookies behave when cross-site requests
- | take place, and can be used to mitigate CSRF attacks. By default, we
- | do not enable this as other CSRF protection services are in place.
- |
- | Supported: "lax", "strict", "none", null
- |
- */
- 'same_site' => 'lax',
- ];
|