<?php
-return [
+/**
+ * Session configuration options.
+ *
+ * Changes to these config files are not supported by BookStack and may break upon updates.
+ * Configuration should be altered via the `.env` file or environment variables.
+ * Do not edit this file unless you're happy to maintain any changes yourself.
+ */
- /*
- |--------------------------------------------------------------------------
- | Default Session Driver
- |--------------------------------------------------------------------------
- |
- | This option controls the default session "driver" that will be used on
- | requests. By default, we will use the lightweight native driver but
- | you may specify any of the other wonderful drivers provided here.
- |
- | Supported: "file", "cookie", "database", "apc",
- | "memcached", "redis", "array"
- |
- */
+return [
+ // Default session driver
+ // Options: file, cookie, database, redis, memcached, array
'driver' => env('SESSION_DRIVER', 'file'),
- /*
- |--------------------------------------------------------------------------
- | Session Lifetime
- |--------------------------------------------------------------------------
- |
- | Here you may specify the number of minutes that you wish the session
- | to be allowed to remain idle before it expires. If you want them
- | to immediately expire on the browser closing, set that option.
- |
- */
-
+ // Session lifetime, in minutes
'lifetime' => env('SESSION_LIFETIME', 120),
+ // Expire session on browser close
'expire_on_close' => false,
- /*
- |--------------------------------------------------------------------------
- | Session Encryption
- |--------------------------------------------------------------------------
- |
- | This option allows you to easily specify that all of your session data
- | should be encrypted before it is stored. All encryption will be run
- | automatically by Laravel and you can use the Session like normal.
- |
- */
-
+ // Encrypt session data
'encrypt' => false,
- /*
- |--------------------------------------------------------------------------
- | Session File Location
- |--------------------------------------------------------------------------
- |
- | When using the native session driver, we need a location where session
- | files may be stored. A default has been set for you but a different
- | location may be specified. This is only needed for file sessions.
- |
- */
-
+ // Location to store session files
'files' => storage_path('framework/sessions'),
- /*
- |--------------------------------------------------------------------------
- | Session Database Connection
- |--------------------------------------------------------------------------
- |
- | When using the "database" or "redis" session drivers, you may specify a
- | connection that should be used to manage these sessions. This should
- | correspond to a connection in your database configuration options.
- |
- */
-
+ // Session Database Connection
+ // When using the "database" or "redis" session drivers, you can specify a
+ // connection that should be used to manage these sessions. This should
+ // correspond to a connection in your database configuration options.
'connection' => null,
- /*
- |--------------------------------------------------------------------------
- | Session Database Table
- |--------------------------------------------------------------------------
- |
- | When using the "database" session driver, you may specify the table we
- | should use to manage the sessions. Of course, a sensible default is
- | provided for you; however, you are free to change this as needed.
- |
- */
-
+ // Session database table, if database driver is in use
'table' => 'sessions',
- /*
- |--------------------------------------------------------------------------
- | Session Sweeping Lottery
- |--------------------------------------------------------------------------
- |
- | Some session drivers must manually sweep their storage location to get
- | rid of old sessions from storage. Here are the chances that it will
- | happen on a given request. By default, the odds are 2 out of 100.
- |
- */
-
+ // Session Sweeping Lottery
+ // Some session drivers must manually sweep their storage location to get
+ // rid of old sessions from storage. Here are the chances that it will
+ // happen on a given request. By default, the odds are 2 out of 100.
'lottery' => [2, 100],
- /*
- |--------------------------------------------------------------------------
- | Session Cookie Name
- |--------------------------------------------------------------------------
- |
- | Here you may change the name of the cookie used to identify a session
- | instance by ID. The name specified here will get used every time a
- | new session cookie is created by the framework for every driver.
- |
- */
-
- 'cookie' => 'laravel_session',
-
- /*
- |--------------------------------------------------------------------------
- | Session Cookie Path
- |--------------------------------------------------------------------------
- |
- | The session cookie path determines the path for which the cookie will
- | be regarded as available. Typically, this will be the root path of
- | your application but you are free to change this when necessary.
- |
- */
- 'path' => '/',
+ // Session Cookie Name
+ // Here you may change the name of the cookie used to identify a session
+ // instance by ID. The name specified here will get used every time a
+ // new session cookie is created by the framework for every driver.
+ 'cookie' => env('SESSION_COOKIE_NAME', 'bookstack_session'),
- /*
- |--------------------------------------------------------------------------
- | Session Cookie Domain
- |--------------------------------------------------------------------------
- |
- | Here you may change the domain of the cookie used to identify a session
- | in your application. This will determine which domains the cookie is
- | available to in your application. A sensible default has been set.
- |
- */
-
- 'domain' => null,
-
- /*
- |--------------------------------------------------------------------------
- | HTTPS Only Cookies
- |--------------------------------------------------------------------------
- |
- | By setting this option to true, session cookies will only be sent back
- | to the server if the browser has a HTTPS connection. This will keep
- | the cookie from being sent to you if it can not be done securely.
- |
- */
-
- 'secure' => false,
+ // Session Cookie Path
+ // The session cookie path determines the path for which the cookie will
+ // be regarded as available. Typically, this will be the root path of
+ // your application but you are free to change this when necessary.
+ 'path' => '/',
+ // Session Cookie Domain
+ // Here you may change the domain of the cookie used to identify a session
+ // in your application. This will determine which domains the cookie is
+ // available to in your application. A sensible default has been set.
+ 'domain' => env('SESSION_DOMAIN', null),
+
+ // HTTPS Only Cookies
+ // By setting this option to true, session cookies will only be sent back
+ // to the server if the browser has a HTTPS connection. This will keep
+ // the cookie from being sent to you if it can not be done securely.
+ 'secure' => env('SESSION_SECURE_COOKIE', false),
+
+ // HTTP Access Only
+ // Setting this value to true will prevent JavaScript from accessing the
+ // value of the cookie and the cookie will only be accessible through the HTTP protocol.
+ 'http_only' => true,
+
+ // Same-Site Cookies
+ // This option determines how your cookies behave when cross-site requests
+ // take place, and can be used to mitigate CSRF attacks. By default, we
+ // do not enable this as other CSRF protection services are in place.
+ // Options: lax, strict
+ 'same_site' => null,
];
projects / bookstack / blobdiff