1 | <?php
|
---|
2 |
|
---|
3 | use Illuminate\Support\Str;
|
---|
4 |
|
---|
5 | return [
|
---|
6 |
|
---|
7 | /*
|
---|
8 | |--------------------------------------------------------------------------
|
---|
9 | | Default Session Driver
|
---|
10 | |--------------------------------------------------------------------------
|
---|
11 | |
|
---|
12 | | This option controls the default session "driver" that will be used on
|
---|
13 | | requests. By default, we will use the lightweight native driver but
|
---|
14 | | you may specify any of the other wonderful drivers provided here.
|
---|
15 | |
|
---|
16 | | Supported: "file", "cookie", "database", "apc",
|
---|
17 | | "memcached", "redis", "dynamodb", "array"
|
---|
18 | |
|
---|
19 | */
|
---|
20 |
|
---|
21 | 'driver' => env('SESSION_DRIVER', 'file'),
|
---|
22 |
|
---|
23 | /*
|
---|
24 | |--------------------------------------------------------------------------
|
---|
25 | | Session Lifetime
|
---|
26 | |--------------------------------------------------------------------------
|
---|
27 | |
|
---|
28 | | Here you may specify the number of minutes that you wish the session
|
---|
29 | | to be allowed to remain idle before it expires. If you want them
|
---|
30 | | to immediately expire on the browser closing, set that option.
|
---|
31 | |
|
---|
32 | */
|
---|
33 |
|
---|
34 | 'lifetime' => env('SESSION_LIFETIME', 120),
|
---|
35 |
|
---|
36 | 'expire_on_close' => false,
|
---|
37 |
|
---|
38 | /*
|
---|
39 | |--------------------------------------------------------------------------
|
---|
40 | | Session Encryption
|
---|
41 | |--------------------------------------------------------------------------
|
---|
42 | |
|
---|
43 | | This option allows you to easily specify that all of your session data
|
---|
44 | | should be encrypted before it is stored. All encryption will be run
|
---|
45 | | automatically by Laravel and you can use the Session like normal.
|
---|
46 | |
|
---|
47 | */
|
---|
48 |
|
---|
49 | 'encrypt' => false,
|
---|
50 |
|
---|
51 | /*
|
---|
52 | |--------------------------------------------------------------------------
|
---|
53 | | Session File Location
|
---|
54 | |--------------------------------------------------------------------------
|
---|
55 | |
|
---|
56 | | When using the native session driver, we need a location where session
|
---|
57 | | files may be stored. A default has been set for you but a different
|
---|
58 | | location may be specified. This is only needed for file sessions.
|
---|
59 | |
|
---|
60 | */
|
---|
61 |
|
---|
62 | 'files' => storage_path('framework/sessions'),
|
---|
63 |
|
---|
64 | /*
|
---|
65 | |--------------------------------------------------------------------------
|
---|
66 | | Session Database Connection
|
---|
67 | |--------------------------------------------------------------------------
|
---|
68 | |
|
---|
69 | | When using the "database" or "redis" session drivers, you may specify a
|
---|
70 | | connection that should be used to manage these sessions. This should
|
---|
71 | | correspond to a connection in your database configuration options.
|
---|
72 | |
|
---|
73 | */
|
---|
74 |
|
---|
75 | 'connection' => env('SESSION_CONNECTION'),
|
---|
76 |
|
---|
77 | /*
|
---|
78 | |--------------------------------------------------------------------------
|
---|
79 | | Session Database Table
|
---|
80 | |--------------------------------------------------------------------------
|
---|
81 | |
|
---|
82 | | When using the "database" session driver, you may specify the table we
|
---|
83 | | should use to manage the sessions. Of course, a sensible default is
|
---|
84 | | provided for you; however, you are free to change this as needed.
|
---|
85 | |
|
---|
86 | */
|
---|
87 |
|
---|
88 | 'table' => 'sessions',
|
---|
89 |
|
---|
90 | /*
|
---|
91 | |--------------------------------------------------------------------------
|
---|
92 | | Session Cache Store
|
---|
93 | |--------------------------------------------------------------------------
|
---|
94 | |
|
---|
95 | | While using one of the framework's cache driven session backends you may
|
---|
96 | | list a cache store that should be used for these sessions. This value
|
---|
97 | | must match with one of the application's configured cache "stores".
|
---|
98 | |
|
---|
99 | | Affects: "apc", "dynamodb", "memcached", "redis"
|
---|
100 | |
|
---|
101 | */
|
---|
102 |
|
---|
103 | 'store' => env('SESSION_STORE'),
|
---|
104 |
|
---|
105 | /*
|
---|
106 | |--------------------------------------------------------------------------
|
---|
107 | | Session Sweeping Lottery
|
---|
108 | |--------------------------------------------------------------------------
|
---|
109 | |
|
---|
110 | | Some session drivers must manually sweep their storage location to get
|
---|
111 | | rid of old sessions from storage. Here are the chances that it will
|
---|
112 | | happen on a given request. By default, the odds are 2 out of 100.
|
---|
113 | |
|
---|
114 | */
|
---|
115 |
|
---|
116 | 'lottery' => [2, 100],
|
---|
117 |
|
---|
118 | /*
|
---|
119 | |--------------------------------------------------------------------------
|
---|
120 | | Session Cookie Name
|
---|
121 | |--------------------------------------------------------------------------
|
---|
122 | |
|
---|
123 | | Here you may change the name of the cookie used to identify a session
|
---|
124 | | instance by ID. The name specified here will get used every time a
|
---|
125 | | new session cookie is created by the framework for every driver.
|
---|
126 | |
|
---|
127 | */
|
---|
128 |
|
---|
129 | 'cookie' => env(
|
---|
130 | 'SESSION_COOKIE',
|
---|
131 | Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
|
---|
132 | ),
|
---|
133 |
|
---|
134 | /*
|
---|
135 | |--------------------------------------------------------------------------
|
---|
136 | | Session Cookie Path
|
---|
137 | |--------------------------------------------------------------------------
|
---|
138 | |
|
---|
139 | | The session cookie path determines the path for which the cookie will
|
---|
140 | | be regarded as available. Typically, this will be the root path of
|
---|
141 | | your application but you are free to change this when necessary.
|
---|
142 | |
|
---|
143 | */
|
---|
144 |
|
---|
145 | 'path' => '/',
|
---|
146 |
|
---|
147 | /*
|
---|
148 | |--------------------------------------------------------------------------
|
---|
149 | | Session Cookie Domain
|
---|
150 | |--------------------------------------------------------------------------
|
---|
151 | |
|
---|
152 | | Here you may change the domain of the cookie used to identify a session
|
---|
153 | | in your application. This will determine which domains the cookie is
|
---|
154 | | available to in your application. A sensible default has been set.
|
---|
155 | |
|
---|
156 | */
|
---|
157 |
|
---|
158 | 'domain' => env('SESSION_DOMAIN'),
|
---|
159 |
|
---|
160 | /*
|
---|
161 | |--------------------------------------------------------------------------
|
---|
162 | | HTTPS Only Cookies
|
---|
163 | |--------------------------------------------------------------------------
|
---|
164 | |
|
---|
165 | | By setting this option to true, session cookies will only be sent back
|
---|
166 | | to the server if the browser has a HTTPS connection. This will keep
|
---|
167 | | the cookie from being sent to you when it can't be done securely.
|
---|
168 | |
|
---|
169 | */
|
---|
170 |
|
---|
171 | 'secure' => env('SESSION_SECURE_COOKIE'),
|
---|
172 |
|
---|
173 | /*
|
---|
174 | |--------------------------------------------------------------------------
|
---|
175 | | HTTP Access Only
|
---|
176 | |--------------------------------------------------------------------------
|
---|
177 | |
|
---|
178 | | Setting this value to true will prevent JavaScript from accessing the
|
---|
179 | | value of the cookie and the cookie will only be accessible through
|
---|
180 | | the HTTP protocol. You are free to modify this option if needed.
|
---|
181 | |
|
---|
182 | */
|
---|
183 |
|
---|
184 | 'http_only' => true,
|
---|
185 |
|
---|
186 | /*
|
---|
187 | |--------------------------------------------------------------------------
|
---|
188 | | Same-Site Cookies
|
---|
189 | |--------------------------------------------------------------------------
|
---|
190 | |
|
---|
191 | | This option determines how your cookies behave when cross-site requests
|
---|
192 | | take place, and can be used to mitigate CSRF attacks. By default, we
|
---|
193 | | will set this value to "lax" since this is a secure default value.
|
---|
194 | |
|
---|
195 | | Supported: "lax", "strict", "none", null
|
---|
196 | |
|
---|
197 | */
|
---|
198 |
|
---|
199 | 'same_site' => 'lax',
|
---|
200 |
|
---|
201 | /*
|
---|
202 | |--------------------------------------------------------------------------
|
---|
203 | | Partitioned Cookies
|
---|
204 | |--------------------------------------------------------------------------
|
---|
205 | |
|
---|
206 | | Setting this value to true will tie the cookie to the top-level site for
|
---|
207 | | a cross-site context. Partitioned cookies are accepted by the browser
|
---|
208 | | when flagged "secure" and the Same-Site attribute is set to "none".
|
---|
209 | |
|
---|
210 | */
|
---|
211 |
|
---|
212 | 'partitioned' => false,
|
---|
213 |
|
---|
214 | ];
|
---|