session.php 7.7 KB

  1. <?php
  2. use Illuminate\Support\Str;
  3. return [
  4. /*
  5. |--------------------------------------------------------------------------
  6. | Default Session Driver
  7. |--------------------------------------------------------------------------
  8. |
  9. | This option determines the default session driver that is utilized for
  10. | incoming requests. Laravel supports a variety of storage options to
  11. | persist session data. Database storage is a great default choice.
  12. |
  13. | Supported: "file", "cookie", "database", "apc",
  14. | "memcached", "redis", "dynamodb", "array"
  15. |
  16. */
  17. 'driver' => env('SESSION_DRIVER', 'database'),
  18. /*
  19. |--------------------------------------------------------------------------
  20. | Session Lifetime
  21. |--------------------------------------------------------------------------
  22. |
  23. | Here you may specify the number of minutes that you wish the session
  24. | to be allowed to remain idle before it expires. If you want them
  25. | to expire immediately when the browser is closed then you may
  26. | indicate that via the expire_on_close configuration option.
  27. |
  28. */
  29. 'lifetime' => env('SESSION_LIFETIME', 120),
  30. 'expire_on_close' => env('SESSION_EXPIRE_ON_CLOSE', false),
  31. /*
  32. |--------------------------------------------------------------------------
  33. | Session Encryption
  34. |--------------------------------------------------------------------------
  35. |
  36. | This option allows you to easily specify that all of your session data
  37. | should be encrypted before it's stored. All encryption is performed
  38. | automatically by Laravel and you may use the session like normal.
  39. |
  40. */
  41. 'encrypt' => env('SESSION_ENCRYPT', false),
  42. /*
  43. |--------------------------------------------------------------------------
  44. | Session File Location
  45. |--------------------------------------------------------------------------
  46. |
  47. | When utilizing the "file" session driver, the session files are placed
  48. | on disk. The default storage location is defined here; however, you
  49. | are free to provide another location where they should be stored.
  50. |
  51. */
  52. 'files' => storage_path('framework/sessions'),
  53. /*
  54. |--------------------------------------------------------------------------
  55. | Session Database Connection
  56. |--------------------------------------------------------------------------
  57. |
  58. | When using the "database" or "redis" session drivers, you may specify a
  59. | connection that should be used to manage these sessions. This should
  60. | correspond to a connection in your database configuration options.
  61. |
  62. */
  63. 'connection' => env('SESSION_CONNECTION'),
  64. /*
  65. |--------------------------------------------------------------------------
  66. | Session Database Table
  67. |--------------------------------------------------------------------------
  68. |
  69. | When using the "database" session driver, you may specify the table to
  70. | be used to store sessions. Of course, a sensible default is defined
  71. | for you; however, you're welcome to change this to another table.
  72. |
  73. */
  74. 'table' => env('SESSION_TABLE', 'sessions'),
  75. /*
  76. |--------------------------------------------------------------------------
  77. | Session Cache Store
  78. |--------------------------------------------------------------------------
  79. |
  80. | When using one of the framework's cache driven session backends, you may
  81. | define the cache store which should be used to store the session data
  82. | between requests. This must match one of your defined cache stores.
  83. |
  84. | Affects: "apc", "dynamodb", "memcached", "redis"
  85. |
  86. */
  87. 'store' => env('SESSION_STORE'),
  88. /*
  89. |--------------------------------------------------------------------------
  90. | Session Sweeping Lottery
  91. |--------------------------------------------------------------------------
  92. |
  93. | Some session drivers must manually sweep their storage location to get
  94. | rid of old sessions from storage. Here are the chances that it will
  95. | happen on a given request. By default, the odds are 2 out of 100.
  96. |
  97. */
  98. 'lottery' => [2, 100],
  99. /*
  100. |--------------------------------------------------------------------------
  101. | Session Cookie Name
  102. |--------------------------------------------------------------------------
  103. |
  104. | Here you may change the name of the session cookie that is created by
  105. | the framework. Typically, you should not need to change this value
  106. | since doing so does not grant a meaningful security improvement.
  107. |
  108. */
  109. 'cookie' => env(
  110. 'SESSION_COOKIE',
  111. Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
  112. ),
  113. /*
  114. |--------------------------------------------------------------------------
  115. | Session Cookie Path
  116. |--------------------------------------------------------------------------
  117. |
  118. | The session cookie path determines the path for which the cookie will
  119. | be regarded as available. Typically, this will be the root path of
  120. | your application, but you're free to change this when necessary.
  121. |
  122. */
  123. 'path' => env('SESSION_PATH', '/'),
  124. /*
  125. |--------------------------------------------------------------------------
  126. | Session Cookie Domain
  127. |--------------------------------------------------------------------------
  128. |
  129. | This value determines the domain and subdomains the session cookie is
  130. | available to. By default, the cookie will be available to the root
  131. | domain and all subdomains. Typically, this shouldn't be changed.
  132. |
  133. */
  134. 'domain' => env('SESSION_DOMAIN'),
  135. /*
  136. |--------------------------------------------------------------------------
  137. | HTTPS Only Cookies
  138. |--------------------------------------------------------------------------
  139. |
  140. | By setting this option to true, session cookies will only be sent back
  141. | to the server if the browser has a HTTPS connection. This will keep
  142. | the cookie from being sent to you when it can't be done securely.
  143. |
  144. */
  145. 'secure' => env('SESSION_SECURE_COOKIE'),
  146. /*
  147. |--------------------------------------------------------------------------
  148. | HTTP Access Only
  149. |--------------------------------------------------------------------------
  150. |
  151. | Setting this value to true will prevent JavaScript from accessing the
  152. | value of the cookie and the cookie will only be accessible through
  153. | the HTTP protocol. It's unlikely you should disable this option.
  154. |
  155. */
  156. 'http_only' => env('SESSION_HTTP_ONLY', true),
  157. /*
  158. |--------------------------------------------------------------------------
  159. | Same-Site Cookies
  160. |--------------------------------------------------------------------------
  161. |
  162. | This option determines how your cookies behave when cross-site requests
  163. | take place, and can be used to mitigate CSRF attacks. By default, we
  164. | will set this value to "lax" to permit secure cross-site requests.
  165. |
  166. | See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
  167. |
  168. | Supported: "lax", "strict", "none", null
  169. |
  170. */
  171. 'same_site' => env('SESSION_SAME_SITE', 'lax'),
  172. /*
  173. |--------------------------------------------------------------------------
  174. | Partitioned Cookies
  175. |--------------------------------------------------------------------------
  176. |
  177. | Setting this value to true will tie the cookie to the top-level site for
  178. | a cross-site context. Partitioned cookies are accepted by the browser
  179. | when flagged "secure" and the Same-Site attribute is set to "none".
  180. |
  181. */
  182. 'partitioned' => env('SESSION_PARTITIONED_COOKIE', false),
  183. ];