<?php
+use Illuminate\Support\Str;
+
/**
* Session configuration options.
*
// The session cookie path determines the path for which the cookie will
// be regarded as available. Typically, this will be the root path of
// your application but you are free to change this when necessary.
- 'path' => '/',
+ 'path' => '/' . (explode('/', env('APP_URL', ''), 4)[3] ?? ''),
// Session Cookie Domain
// Here you may change the domain of the cookie used to identify a session
// By setting this option to true, session cookies will only be sent back
// to the server if the browser has a HTTPS connection. This will keep
// the cookie from being sent to you if it can not be done securely.
- 'secure' => env('SESSION_SECURE_COOKIE', false),
+ 'secure' => env('SESSION_SECURE_COOKIE', null)
+ ?? Str::startsWith(env('APP_URL', ''), 'https:'),
// HTTP Access Only
// Setting this value to true will prevent JavaScript from accessing the
// This option determines how your cookies behave when cross-site requests
// take place, and can be used to mitigate CSRF attacks. By default, we
// do not enable this as other CSRF protection services are in place.
- // Options: lax, strict
- 'same_site' => null,
+ // Options: lax, strict, none
+ 'same_site' => 'lax',
+
+
+ // Partitioned Cookies
+ // Setting this value to true will tie the cookie to the top-level site for
+ // a cross-site context. Partitioned cookies are accepted by the browser
+ // when flagged "secure" and the Same-Site attribute is set to "none".
+ 'partitioned' => false,
];
projects / bookstack / blobdiff