Mercurial > borealpoint

comparison config/session.php @ 0:9d7dcd54c677

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial Commit and package setup
author luka
date Sat, 23 Aug 2025 22:20:51 -0400
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:9d7dcd54c677
1 <?php
2
3 use Illuminate\Support\Str;
4
5 return [
6
7 /*
8 |--------------------------------------------------------------------------
9 | Default Session Driver
10 |--------------------------------------------------------------------------
11 |
12 | This option determines the default session driver that is utilized for
13 | incoming requests. Laravel supports a variety of storage options to
14 | persist session data. Database storage is a great default choice.
15 |
16 | Supported: "file", "cookie", "database", "memcached",
17 | "redis", "dynamodb", "array"
18 |
19 */
20
21 'driver' => env('SESSION_DRIVER', 'database'),
22
23 /*
24 |--------------------------------------------------------------------------
25 | Session Lifetime
26 |--------------------------------------------------------------------------
27 |
28 | Here you may specify the number of minutes that you wish the session
29 | to be allowed to remain idle before it expires. If you want them
30 | to expire immediately when the browser is closed then you may
31 | indicate that via the expire_on_close configuration option.
32 |
33 */
34
35 'lifetime' => (int) env('SESSION_LIFETIME', 120),
36
37 'expire_on_close' => env('SESSION_EXPIRE_ON_CLOSE', false),
38
39 /*
40 |--------------------------------------------------------------------------
41 | Session Encryption
42 |--------------------------------------------------------------------------
43 |
44 | This option allows you to easily specify that all of your session data
45 | should be encrypted before it's stored. All encryption is performed
46 | automatically by Laravel and you may use the session like normal.
47 |
48 */
49
50 'encrypt' => env('SESSION_ENCRYPT', false),
51
52 /*
53 |--------------------------------------------------------------------------
54 | Session File Location
55 |--------------------------------------------------------------------------
56 |
57 | When utilizing the "file" session driver, the session files are placed
58 | on disk. The default storage location is defined here; however, you
59 | are free to provide another location where they should be stored.
60 |
61 */
62
63 'files' => storage_path('framework/sessions'),
64
65 /*
66 |--------------------------------------------------------------------------
67 | Session Database Connection
68 |--------------------------------------------------------------------------
69 |
70 | When using the "database" or "redis" session drivers, you may specify a
71 | connection that should be used to manage these sessions. This should
72 | correspond to a connection in your database configuration options.
73 |
74 */
75
76 'connection' => env('SESSION_CONNECTION'),
77
78 /*
79 |--------------------------------------------------------------------------
80 | Session Database Table
81 |--------------------------------------------------------------------------
82 |
83 | When using the "database" session driver, you may specify the table to
84 | be used to store sessions. Of course, a sensible default is defined
85 | for you; however, you're welcome to change this to another table.
86 |
87 */
88
89 'table' => env('SESSION_TABLE', 'sessions'),
90
91 /*
92 |--------------------------------------------------------------------------
93 | Session Cache Store
94 |--------------------------------------------------------------------------
95 |
96 | When using one of the framework's cache driven session backends, you may
97 | define the cache store which should be used to store the session data
98 | between requests. This must match one of your defined cache stores.
99 |
100 | Affects: "dynamodb", "memcached", "redis"
101 |
102 */
103
104 'store' => env('SESSION_STORE'),
105
106 /*
107 |--------------------------------------------------------------------------
108 | Session Sweeping Lottery
109 |--------------------------------------------------------------------------
110 |
111 | Some session drivers must manually sweep their storage location to get
112 | rid of old sessions from storage. Here are the chances that it will
113 | happen on a given request. By default, the odds are 2 out of 100.
114 |
115 */
116
117 'lottery' => [2, 100],
118
119 /*
120 |--------------------------------------------------------------------------
121 | Session Cookie Name
122 |--------------------------------------------------------------------------
123 |
124 | Here you may change the name of the session cookie that is created by
125 | the framework. Typically, you should not need to change this value
126 | since doing so does not grant a meaningful security improvement.
127 |
128 */
129
130 'cookie' => env(
131 'SESSION_COOKIE',
132 Str::slug(env('APP_NAME', 'laravel')).'-session'
133 ),
134
135 /*
136 |--------------------------------------------------------------------------
137 | Session Cookie Path
138 |--------------------------------------------------------------------------
139 |
140 | The session cookie path determines the path for which the cookie will
141 | be regarded as available. Typically, this will be the root path of
142 | your application, but you're free to change this when necessary.
143 |
144 */
145
146 'path' => env('SESSION_PATH', '/'),
147
148 /*
149 |--------------------------------------------------------------------------
150 | Session Cookie Domain
151 |--------------------------------------------------------------------------
152 |
153 | This value determines the domain and subdomains the session cookie is
154 | available to. By default, the cookie will be available to the root
155 | domain and all subdomains. Typically, this shouldn't be changed.
156 |
157 */
158
159 'domain' => env('SESSION_DOMAIN'),
160
161 /*
162 |--------------------------------------------------------------------------
163 | HTTPS Only Cookies
164 |--------------------------------------------------------------------------
165 |
166 | By setting this option to true, session cookies will only be sent back
167 | to the server if the browser has a HTTPS connection. This will keep
168 | the cookie from being sent to you when it can't be done securely.
169 |
170 */
171
172 'secure' => env('SESSION_SECURE_COOKIE'),
173
174 /*
175 |--------------------------------------------------------------------------
176 | HTTP Access Only
177 |--------------------------------------------------------------------------
178 |
179 | Setting this value to true will prevent JavaScript from accessing the
180 | value of the cookie and the cookie will only be accessible through
181 | the HTTP protocol. It's unlikely you should disable this option.
182 |
183 */
184
185 'http_only' => env('SESSION_HTTP_ONLY', true),
186
187 /*
188 |--------------------------------------------------------------------------
189 | Same-Site Cookies
190 |--------------------------------------------------------------------------
191 |
192 | This option determines how your cookies behave when cross-site requests
193 | take place, and can be used to mitigate CSRF attacks. By default, we
194 | will set this value to "lax" to permit secure cross-site requests.
195 |
196 | See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
197 |
198 | Supported: "lax", "strict", "none", null
199 |
200 */
201
202 'same_site' => env('SESSION_SAME_SITE', 'lax'),
203
204 /*
205 |--------------------------------------------------------------------------
206 | Partitioned Cookies
207 |--------------------------------------------------------------------------
208 |
209 | Setting this value to true will tie the cookie to the top-level site for
210 | a cross-site context. Partitioned cookies are accepted by the browser
211 | when flagged "secure" and the Same-Site attribute is set to "none".
212 |
213 */
214
215 'partitioned' => env('SESSION_PARTITIONED_COOKIE', false),
216
217 ];