session.php 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197
  1. <?php
  2. return [
  3. /*
  4. |--------------------------------------------------------------------------
  5. | Default Session Driver
  6. |--------------------------------------------------------------------------
  7. |
  8. | This option controls the default session "driver" that will be used on
  9. | requests. By default, we will use the lightweight native driver but
  10. | you may specify any of the other wonderful drivers provided here.
  11. |
  12. | Supported: "file", "cookie", "database", "apc",
  13. | "memcached", "redis", "array"
  14. |
  15. */
  16. 'driver' => env('SESSION_DRIVER', 'file'),
  17. /*
  18. |--------------------------------------------------------------------------
  19. | Session Lifetime
  20. |--------------------------------------------------------------------------
  21. |
  22. | Here you may specify the number of minutes that you wish the session
  23. | to be allowed to remain idle before it expires. If you want them
  24. | to immediately expire on the browser closing, set that option.
  25. |
  26. */
  27. 'lifetime' => env('SESSION_LIFETIME', 120),
  28. 'expire_on_close' => false,
  29. /*
  30. |--------------------------------------------------------------------------
  31. | Session Encryption
  32. |--------------------------------------------------------------------------
  33. |
  34. | This option allows you to easily specify that all of your session data
  35. | should be encrypted before it is stored. All encryption will be run
  36. | automatically by Laravel and you can use the Session like normal.
  37. |
  38. */
  39. 'encrypt' => false,
  40. /*
  41. |--------------------------------------------------------------------------
  42. | Session File Location
  43. |--------------------------------------------------------------------------
  44. |
  45. | When using the native session driver, we need a location where session
  46. | files may be stored. A default has been set for you but a different
  47. | location may be specified. This is only needed for file sessions.
  48. |
  49. */
  50. 'files' => storage_path('framework/sessions'),
  51. /*
  52. |--------------------------------------------------------------------------
  53. | Session Database Connection
  54. |--------------------------------------------------------------------------
  55. |
  56. | When using the "database" or "redis" session drivers, you may specify a
  57. | connection that should be used to manage these sessions. This should
  58. | correspond to a connection in your database configuration options.
  59. |
  60. */
  61. 'connection' => null,
  62. /*
  63. |--------------------------------------------------------------------------
  64. | Session Database Table
  65. |--------------------------------------------------------------------------
  66. |
  67. | When using the "database" session driver, you may specify the table we
  68. | should use to manage the sessions. Of course, a sensible default is
  69. | provided for you; however, you are free to change this as needed.
  70. |
  71. */
  72. 'table' => 'sessions',
  73. /*
  74. |--------------------------------------------------------------------------
  75. | Session Cache Store
  76. |--------------------------------------------------------------------------
  77. |
  78. | When using the "apc" or "memcached" session drivers, you may specify a
  79. | cache store that should be used for these sessions. This value must
  80. | correspond with one of the application's configured cache stores.
  81. |
  82. */
  83. 'store' => null,
  84. /*
  85. |--------------------------------------------------------------------------
  86. | Session Sweeping Lottery
  87. |--------------------------------------------------------------------------
  88. |
  89. | Some session drivers must manually sweep their storage location to get
  90. | rid of old sessions from storage. Here are the chances that it will
  91. | happen on a given request. By default, the odds are 2 out of 100.
  92. |
  93. */
  94. 'lottery' => [2, 100],
  95. /*
  96. |--------------------------------------------------------------------------
  97. | Session Cookie Name
  98. |--------------------------------------------------------------------------
  99. |
  100. | Here you may change the name of the cookie used to identify a session
  101. | instance by ID. The name specified here will get used every time a
  102. | new session cookie is created by the framework for every driver.
  103. |
  104. */
  105. 'cookie' => env(
  106. 'SESSION_COOKIE',
  107. str_slug(env('APP_NAME', 'laravel'), '_').'_session'
  108. ),
  109. /*
  110. |--------------------------------------------------------------------------
  111. | Session Cookie Path
  112. |--------------------------------------------------------------------------
  113. |
  114. | The session cookie path determines the path for which the cookie will
  115. | be regarded as available. Typically, this will be the root path of
  116. | your application but you are free to change this when necessary.
  117. |
  118. */
  119. 'path' => '/',
  120. /*
  121. |--------------------------------------------------------------------------
  122. | Session Cookie Domain
  123. |--------------------------------------------------------------------------
  124. |
  125. | Here you may change the domain of the cookie used to identify a session
  126. | in your application. This will determine which domains the cookie is
  127. | available to in your application. A sensible default has been set.
  128. |
  129. */
  130. 'domain' => env('SESSION_DOMAIN', null),
  131. /*
  132. |--------------------------------------------------------------------------
  133. | HTTPS Only Cookies
  134. |--------------------------------------------------------------------------
  135. |
  136. | By setting this option to true, session cookies will only be sent back
  137. | to the server if the browser has a HTTPS connection. This will keep
  138. | the cookie from being sent to you if it can not be done securely.
  139. |
  140. */
  141. 'secure' => env('SESSION_SECURE_COOKIE', false),
  142. /*
  143. |--------------------------------------------------------------------------
  144. | HTTP Access Only
  145. |--------------------------------------------------------------------------
  146. |
  147. | Setting this value to true will prevent JavaScript from accessing the
  148. | value of the cookie and the cookie will only be accessible through
  149. | the HTTP protocol. You are free to modify this option if needed.
  150. |
  151. */
  152. 'http_only' => true,
  153. /*
  154. |--------------------------------------------------------------------------
  155. | Same-Site Cookies
  156. |--------------------------------------------------------------------------
  157. |
  158. | This option determines how your cookies behave when cross-site requests
  159. | take place, and can be used to mitigate CSRF attacks. By default, we
  160. | do not enable this as other CSRF protection services are in place.
  161. |
  162. | Supported: "lax", "strict"
  163. |
  164. */
  165. 'same_site' => null,
  166. ];