session.php
1 <?php 2 3 use Illuminate\Support\Str; 4 5 return [ 6 7 /* 8 |-------------------------------------------------------------------------- 9 | Default Session Driver 10 |-------------------------------------------------------------------------- 11 | 12 | This option controls the default session "driver" that will be used on 13 | requests. By default, we will use the lightweight native driver but 14 | you may specify any of the other wonderful drivers provided here. 15 | 16 | Supported: "file", "cookie", "database", "apc", 17 | "memcached", "redis", "dynamodb", "array" 18 | 19 */ 20 21 'driver' => env('SESSION_DRIVER', 'file'), 22 23 /* 24 |-------------------------------------------------------------------------- 25 | Session Lifetime 26 |-------------------------------------------------------------------------- 27 | 28 | Here you may specify the number of minutes that you wish the session 29 | to be allowed to remain idle before it expires. If you want them 30 | to immediately expire on the browser closing, set that option. 31 | 32 */ 33 34 'lifetime' => env('SESSION_LIFETIME', 120), 35 36 'expire_on_close' => false, 37 38 /* 39 |-------------------------------------------------------------------------- 40 | Session Encryption 41 |-------------------------------------------------------------------------- 42 | 43 | This option allows you to easily specify that all of your session data 44 | should be encrypted before it is stored. All encryption will be run 45 | automatically by Laravel and you can use the Session like normal. 46 | 47 */ 48 49 'encrypt' => false, 50 51 /* 52 |-------------------------------------------------------------------------- 53 | Session File Location 54 |-------------------------------------------------------------------------- 55 | 56 | When using the native session driver, we need a location where session 57 | files may be stored. A default has been set for you but a different 58 | location may be specified. This is only needed for file sessions. 59 | 60 */ 61 62 'files' => storage_path('framework/sessions'), 63 64 /* 65 |-------------------------------------------------------------------------- 66 | Session Database Connection 67 |-------------------------------------------------------------------------- 68 | 69 | When using the "database" or "redis" session drivers, you may specify a 70 | connection that should be used to manage these sessions. This should 71 | correspond to a connection in your database configuration options. 72 | 73 */ 74 75 'connection' => env('SESSION_CONNECTION'), 76 77 /* 78 |-------------------------------------------------------------------------- 79 | Session Database Table 80 |-------------------------------------------------------------------------- 81 | 82 | When using the "database" session driver, you may specify the table we 83 | should use to manage the sessions. Of course, a sensible default is 84 | provided for you; however, you are free to change this as needed. 85 | 86 */ 87 88 'table' => 'sessions', 89 90 /* 91 |-------------------------------------------------------------------------- 92 | Session User ID 93 |-------------------------------------------------------------------------- 94 | 95 | When using the "database" session driver, you may specify whether to store 96 | the user ID in the session. This should correspond to the user ID column 97 | in your sessions table. 98 | 99 */ 100 101 'user_id' => true, 102 103 /* 104 |-------------------------------------------------------------------------- 105 | Session Cache Store 106 |-------------------------------------------------------------------------- 107 | 108 | While using one of the framework's cache driven session backends you may 109 | list a cache store that should be used for these sessions. This value 110 | must match with one of the application's configured cache "stores". 111 | 112 | Affects: "apc", "dynamodb", "memcached", "redis" 113 | 114 */ 115 116 'store' => env('SESSION_STORE'), 117 118 /* 119 |-------------------------------------------------------------------------- 120 | Session Sweeping Lottery 121 |-------------------------------------------------------------------------- 122 | 123 | Some session drivers must manually sweep their storage location to get 124 | rid of old sessions from storage. Here are the chances that it will 125 | happen on a given request. By default, the odds are 2 out of 100. 126 | 127 */ 128 129 'lottery' => [2, 100], 130 131 /* 132 |-------------------------------------------------------------------------- 133 | Session Cookie Name 134 |-------------------------------------------------------------------------- 135 | 136 | Here you may change the name of the cookie used to identify a session 137 | instance by ID. The name specified here will get used every time a 138 | new session cookie is created by the framework for every driver. 139 | 140 */ 141 142 'cookie' => env( 143 'SESSION_COOKIE', 144 Str::slug(env('APP_NAME', 'laravel'), '_').'_session' 145 ), 146 147 /* 148 |-------------------------------------------------------------------------- 149 | Session Cookie Path 150 |-------------------------------------------------------------------------- 151 | 152 | The session cookie path determines the path for which the cookie will 153 | be regarded as available. Typically, this will be the root path of 154 | your application but you are free to change this when necessary. 155 | 156 */ 157 158 'path' => '/', 159 160 /* 161 |-------------------------------------------------------------------------- 162 | Session Cookie Domain 163 |-------------------------------------------------------------------------- 164 | 165 | Here you may change the domain of the cookie used to identify a session 166 | in your application. This will determine which domains the cookie is 167 | available to in your application. A sensible default has been set. 168 | 169 */ 170 171 'domain' => env('SESSION_DOMAIN'), 172 173 /* 174 |-------------------------------------------------------------------------- 175 | HTTPS Only Cookies 176 |-------------------------------------------------------------------------- 177 | 178 | By setting this option to true, session cookies will only be sent back 179 | to the server if the browser has a HTTPS connection. This will keep 180 | the cookie from being sent to you when it can't be done securely. 181 | 182 */ 183 184 'secure' => env('SESSION_SECURE_COOKIE'), 185 186 /* 187 |-------------------------------------------------------------------------- 188 | HTTP Access Only 189 |-------------------------------------------------------------------------- 190 | 191 | Setting this value to true will prevent JavaScript from accessing the 192 | value of the cookie and the cookie will only be accessible through 193 | the HTTP protocol. You are free to modify this option if needed. 194 | 195 */ 196 197 'http_only' => true, 198 199 /* 200 |-------------------------------------------------------------------------- 201 | Same-Site Cookies 202 |-------------------------------------------------------------------------- 203 | 204 | This option determines how your cookies behave when cross-site requests 205 | take place, and can be used to mitigate CSRF attacks. By default, we 206 | will set this value to "lax" since this is a secure default value. 207 | 208 | Supported: "lax", "strict", "none", null 209 | 210 */ 211 212 'same_site' => 'lax', 213 214 ];