session.php 6.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201
  1. <?php
  2. use Illuminate\Support\Str;
  3. return [
  4. /*
  5. |--------------------------------------------------------------------------
  6. | Default Session Driver
  7. |--------------------------------------------------------------------------
  8. |
  9. | This option controls the default session "driver" that will be used on
  10. | requests. By default, we will use the lightweight native driver but
  11. | you may specify any of the other wonderful drivers provided here.
  12. |
  13. | Supported: "file", "cookie", "database", "apc",
  14. | "memcached", "redis", "dynamodb", "array"
  15. |
  16. */
  17. 'driver' => env('SESSION_DRIVER', 'file'),
  18. /*
  19. |--------------------------------------------------------------------------
  20. | Session Lifetime
  21. |--------------------------------------------------------------------------
  22. |
  23. | Here you may specify the number of minutes that you wish the session
  24. | to be allowed to remain idle before it expires. If you want them
  25. | to immediately expire on the browser closing, set that option.
  26. |
  27. */
  28. 'lifetime' => env('SESSION_LIFETIME', 120),
  29. 'expire_on_close' => false,
  30. /*
  31. |--------------------------------------------------------------------------
  32. | Session Encryption
  33. |--------------------------------------------------------------------------
  34. |
  35. | This option allows you to easily specify that all of your session data
  36. | should be encrypted before it is stored. All encryption will be run
  37. | automatically by Laravel and you can use the Session like normal.
  38. |
  39. */
  40. 'encrypt' => false,
  41. /*
  42. |--------------------------------------------------------------------------
  43. | Session File Location
  44. |--------------------------------------------------------------------------
  45. |
  46. | When using the native session driver, we need a location where session
  47. | files may be stored. A default has been set for you but a different
  48. | location may be specified. This is only needed for file sessions.
  49. |
  50. */
  51. 'files' => storage_path('framework/sessions'),
  52. /*
  53. |--------------------------------------------------------------------------
  54. | Session Database Connection
  55. |--------------------------------------------------------------------------
  56. |
  57. | When using the "database" or "redis" session drivers, you may specify a
  58. | connection that should be used to manage these sessions. This should
  59. | correspond to a connection in your database configuration options.
  60. |
  61. */
  62. 'connection' => env('SESSION_CONNECTION', null),
  63. /*
  64. |--------------------------------------------------------------------------
  65. | Session Database Table
  66. |--------------------------------------------------------------------------
  67. |
  68. | When using the "database" session driver, you may specify the table we
  69. | should use to manage the sessions. Of course, a sensible default is
  70. | provided for you; however, you are free to change this as needed.
  71. |
  72. */
  73. 'table' => 'sessions',
  74. /*
  75. |--------------------------------------------------------------------------
  76. | Session Cache Store
  77. |--------------------------------------------------------------------------
  78. |
  79. | While using one of the framework's cache driven session backends you may
  80. | list a cache store that should be used for these sessions. This value
  81. | must match with one of the application's configured cache "stores".
  82. |
  83. | Affects: "apc", "dynamodb", "memcached", "redis"
  84. |
  85. */
  86. 'store' => env('SESSION_STORE', null),
  87. /*
  88. |--------------------------------------------------------------------------
  89. | Session Sweeping Lottery
  90. |--------------------------------------------------------------------------
  91. |
  92. | Some session drivers must manually sweep their storage location to get
  93. | rid of old sessions from storage. Here are the chances that it will
  94. | happen on a given request. By default, the odds are 2 out of 100.
  95. |
  96. */
  97. 'lottery' => [2, 100],
  98. /*
  99. |--------------------------------------------------------------------------
  100. | Session Cookie Name
  101. |--------------------------------------------------------------------------
  102. |
  103. | Here you may change the name of the cookie used to identify a session
  104. | instance by ID. The name specified here will get used every time a
  105. | new session cookie is created by the framework for every driver.
  106. |
  107. */
  108. 'cookie' => env(
  109. 'SESSION_COOKIE',
  110. Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
  111. ),
  112. /*
  113. |--------------------------------------------------------------------------
  114. | Session Cookie Path
  115. |--------------------------------------------------------------------------
  116. |
  117. | The session cookie path determines the path for which the cookie will
  118. | be regarded as available. Typically, this will be the root path of
  119. | your application but you are free to change this when necessary.
  120. |
  121. */
  122. 'path' => '/',
  123. /*
  124. |--------------------------------------------------------------------------
  125. | Session Cookie Domain
  126. |--------------------------------------------------------------------------
  127. |
  128. | Here you may change the domain of the cookie used to identify a session
  129. | in your application. This will determine which domains the cookie is
  130. | available to in your application. A sensible default has been set.
  131. |
  132. */
  133. 'domain' => env('SESSION_DOMAIN', null),
  134. /*
  135. |--------------------------------------------------------------------------
  136. | HTTPS Only Cookies
  137. |--------------------------------------------------------------------------
  138. |
  139. | By setting this option to true, session cookies will only be sent back
  140. | to the server if the browser has a HTTPS connection. This will keep
  141. | the cookie from being sent to you when it can't be done securely.
  142. |
  143. */
  144. 'secure' => env('SESSION_SECURE_COOKIE'),
  145. /*
  146. |--------------------------------------------------------------------------
  147. | HTTP Access Only
  148. |--------------------------------------------------------------------------
  149. |
  150. | Setting this value to true will prevent JavaScript from accessing the
  151. | value of the cookie and the cookie will only be accessible through
  152. | the HTTP protocol. You are free to modify this option if needed.
  153. |
  154. */
  155. 'http_only' => true,
  156. /*
  157. |--------------------------------------------------------------------------
  158. | Same-Site Cookies
  159. |--------------------------------------------------------------------------
  160. |
  161. | This option determines how your cookies behave when cross-site requests
  162. | take place, and can be used to mitigate CSRF attacks. By default, we
  163. | will set this value to "lax" since this is a secure default value.
  164. |
  165. | Supported: "lax", "strict", "none", null
  166. |
  167. */
  168. 'same_site' => 'lax',
  169. ];