session.php 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199
  1. <?php
  2. use Illuminate\Support\Str;
  3. return [
  4. /*
  5. |--------------------------------------------------------------------------
  6. | Default Session Driver
  7. |--------------------------------------------------------------------------
  8. |
  9. | This option controls the default session "driver" that will be used on
  10. | requests. By default, we will use the lightweight native driver but
  11. | you may specify any of the other wonderful drivers provided here.
  12. |
  13. | Supported: "file", "cookie", "database", "apc",
  14. | "memcached", "redis", "dynamodb", "array"
  15. |
  16. */
  17. 'driver' => env('SESSION_DRIVER', 'file'),
  18. /*
  19. |--------------------------------------------------------------------------
  20. | Session Lifetime
  21. |--------------------------------------------------------------------------
  22. |
  23. | Here you may specify the number of minutes that you wish the session
  24. | to be allowed to remain idle before it expires. If you want them
  25. | to immediately expire on the browser closing, set that option.
  26. |
  27. */
  28. 'lifetime' => env('SESSION_LIFETIME', 120),
  29. 'expire_on_close' => false,
  30. /*
  31. |--------------------------------------------------------------------------
  32. | Session Encryption
  33. |--------------------------------------------------------------------------
  34. |
  35. | This option allows you to easily specify that all of your session data
  36. | should be encrypted before it is stored. All encryption will be run
  37. | automatically by Laravel and you can use the Session like normal.
  38. |
  39. */
  40. 'encrypt' => false,
  41. /*
  42. |--------------------------------------------------------------------------
  43. | Session File Location
  44. |--------------------------------------------------------------------------
  45. |
  46. | When using the native session driver, we need a location where session
  47. | files may be stored. A default has been set for you but a different
  48. | location may be specified. This is only needed for file sessions.
  49. |
  50. */
  51. 'files' => storage_path('framework/sessions'),
  52. /*
  53. |--------------------------------------------------------------------------
  54. | Session Database Connection
  55. |--------------------------------------------------------------------------
  56. |
  57. | When using the "database" or "redis" session drivers, you may specify a
  58. | connection that should be used to manage these sessions. This should
  59. | correspond to a connection in your database configuration options.
  60. |
  61. */
  62. 'connection' => env('SESSION_CONNECTION', null),
  63. /*
  64. |--------------------------------------------------------------------------
  65. | Session Database Table
  66. |--------------------------------------------------------------------------
  67. |
  68. | When using the "database" session driver, you may specify the table we
  69. | should use to manage the sessions. Of course, a sensible default is
  70. | provided for you; however, you are free to change this as needed.
  71. |
  72. */
  73. 'table' => 'sessions',
  74. /*
  75. |--------------------------------------------------------------------------
  76. | Session Cache Store
  77. |--------------------------------------------------------------------------
  78. |
  79. | When using the "apc", "memcached", or "dynamodb" session drivers you may
  80. | list a cache store that should be used for these sessions. This value
  81. | must match with one of the application's configured cache "stores".
  82. |
  83. */
  84. 'store' => env('SESSION_STORE', null),
  85. /*
  86. |--------------------------------------------------------------------------
  87. | Session Sweeping Lottery
  88. |--------------------------------------------------------------------------
  89. |
  90. | Some session drivers must manually sweep their storage location to get
  91. | rid of old sessions from storage. Here are the chances that it will
  92. | happen on a given request. By default, the odds are 2 out of 100.
  93. |
  94. */
  95. 'lottery' => [2, 100],
  96. /*
  97. |--------------------------------------------------------------------------
  98. | Session Cookie Name
  99. |--------------------------------------------------------------------------
  100. |
  101. | Here you may change the name of the cookie used to identify a session
  102. | instance by ID. The name specified here will get used every time a
  103. | new session cookie is created by the framework for every driver.
  104. |
  105. */
  106. 'cookie' => env(
  107. 'SESSION_COOKIE',
  108. Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
  109. ),
  110. /*
  111. |--------------------------------------------------------------------------
  112. | Session Cookie Path
  113. |--------------------------------------------------------------------------
  114. |
  115. | The session cookie path determines the path for which the cookie will
  116. | be regarded as available. Typically, this will be the root path of
  117. | your application but you are free to change this when necessary.
  118. |
  119. */
  120. 'path' => '/',
  121. /*
  122. |--------------------------------------------------------------------------
  123. | Session Cookie Domain
  124. |--------------------------------------------------------------------------
  125. |
  126. | Here you may change the domain of the cookie used to identify a session
  127. | in your application. This will determine which domains the cookie is
  128. | available to in your application. A sensible default has been set.
  129. |
  130. */
  131. 'domain' => env('SESSION_DOMAIN', null),
  132. /*
  133. |--------------------------------------------------------------------------
  134. | HTTPS Only Cookies
  135. |--------------------------------------------------------------------------
  136. |
  137. | By setting this option to true, session cookies will only be sent back
  138. | to the server if the browser has a HTTPS connection. This will keep
  139. | the cookie from being sent to you if it can not be done securely.
  140. |
  141. */
  142. 'secure' => env('SESSION_SECURE_COOKIE', null),
  143. /*
  144. |--------------------------------------------------------------------------
  145. | HTTP Access Only
  146. |--------------------------------------------------------------------------
  147. |
  148. | Setting this value to true will prevent JavaScript from accessing the
  149. | value of the cookie and the cookie will only be accessible through
  150. | the HTTP protocol. You are free to modify this option if needed.
  151. |
  152. */
  153. 'http_only' => true,
  154. /*
  155. |--------------------------------------------------------------------------
  156. | Same-Site Cookies
  157. |--------------------------------------------------------------------------
  158. |
  159. | This option determines how your cookies behave when cross-site requests
  160. | take place, and can be used to mitigate CSRF attacks. By default, we
  161. | do not enable this as other CSRF protection services are in place.
  162. |
  163. | Supported: "lax", "strict", "none"
  164. |
  165. */
  166. 'same_site' => 'lax',
  167. ];