X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/0b967d84ad1ed630fc72974afa3351461881e9ba..refs/pull/1462/head:/config/session.php
diff --git a/config/session.php b/config/session.php
index 8d8c14fe9..bdb5e554b 100644
--- a/config/session.php
+++ b/config/session.php
@@ -1,153 +1,80 @@ env('SESSION_DRIVER', 'file'),
- /*
- |--------------------------------------------------------------------------
- | Session Lifetime
- |--------------------------------------------------------------------------
- |
- | Here you may specify the number of minutes that you wish the session
- | to be allowed to remain idle before it expires. If you want them
- | to immediately expire on the browser closing, set that option.
- |
- */
-
+ // Session lifetime, in minutes
 'lifetime' => env('SESSION_LIFETIME', 120),
+ // Expire session on browser close
 'expire_on_close' => false,
- /*
- |--------------------------------------------------------------------------
- | Session Encryption
- |--------------------------------------------------------------------------
- |
- | This option allows you to easily specify that all of your session data
- | should be encrypted before it is stored. All encryption will be run
- | automatically by Laravel and you can use the Session like normal.
- |
- */
-
+ // Encrypt session data
 'encrypt' => false,
- /*
- |--------------------------------------------------------------------------
- | Session File Location
- |--------------------------------------------------------------------------
- |
- | When using the native session driver, we need a location where session
- | files may be stored. A default has been set for you but a different
- | location may be specified. This is only needed for file sessions.
- |
- */
-
+ // Location to store session files
 'files' => storage_path('framework/sessions'),
- /*
- |--------------------------------------------------------------------------
- | Session Database Connection
- |--------------------------------------------------------------------------
- |
- | When using the "database" or "redis" session drivers, you may specify a
- | connection that should be used to manage these sessions. This should
- | correspond to a connection in your database configuration options.
- |
- */
-
+ // Session Database Connection
+ // When using the "database" or "redis" session drivers, you can specify a
+ // connection that should be used to manage these sessions. This should
+ // correspond to a connection in your database configuration options.
 'connection' => null,
- /*
- |--------------------------------------------------------------------------
- | Session Database Table
- |--------------------------------------------------------------------------
- |
- | When using the "database" session driver, you may specify the table we
- | should use to manage the sessions. Of course, a sensible default is
- | provided for you; however, you are free to change this as needed.
- |
- */
-
+ // Session database table, if database driver is in use
 'table' => 'sessions',
- /*
- |--------------------------------------------------------------------------
- | Session Sweeping Lottery
- |--------------------------------------------------------------------------
- |
- | Some session drivers must manually sweep their storage location to get
- | rid of old sessions from storage. Here are the chances that it will
- | happen on a given request. By default, the odds are 2 out of 100.
- |
- */
-
+ // Session Sweeping Lottery
+ // Some session drivers must manually sweep their storage location to get
+ // rid of old sessions from storage. Here are the chances that it will
+ // happen on a given request. By default, the odds are 2 out of 100.
 'lottery' => [2, 100],
- /*
- |--------------------------------------------------------------------------
- | Session Cookie Name
- |--------------------------------------------------------------------------
- |
- | Here you may change the name of the cookie used to identify a session
- | instance by ID. The name specified here will get used every time a
- | new session cookie is created by the framework for every driver.
- | - */ - - 'cookie' => 'laravel_session', - - /* - |-------------------------------------------------------------------------- - | Session Cookie Path - |-------------------------------------------------------------------------- - | - | The session cookie path determines the path for which the cookie will - | be regarded as available. Typically, this will be the root path of - | your application but you are free to change this when necessary. - | - */ - 'path' => '/', + // Session Cookie Name + // Here you may change the name of the cookie used to identify a session + // instance by ID. The name specified here will get used every time a + // new session cookie is created by the framework for every driver. + 'cookie' => env('SESSION_COOKIE_NAME', 'bookstack_session'), - /* - |-------------------------------------------------------------------------- - | Session Cookie Domain - |-------------------------------------------------------------------------- - | - | Here you may change the domain of the cookie used to identify a session - | in your application. This will determine which domains the cookie is - | available to in your application. A sensible default has been set. - | - */ - - 'domain' => null, - - /* - |-------------------------------------------------------------------------- - | HTTPS Only Cookies - |-------------------------------------------------------------------------- - | - | By setting this option to true, session cookies will only be sent back - | to the server if the browser has a HTTPS connection. This will keep - | the cookie from being sent to you if it can not be done securely. - | - */ - - 'secure' => false, + // Session Cookie Path + // The session cookie path determines the path for which the cookie will + // be regarded as available. Typically, this will be the root path of + // your application but you are free to change this when necessary. 
+ 'path' => '/',
+ // Session Cookie Domain
+ // Here you may change the domain of the cookie used to identify a session
+ // in your application. This will determine which domains the cookie is
+ // available to in your application. A sensible default has been set.
+ 'domain' => env('SESSION_DOMAIN', null),
+
+ // HTTPS Only Cookies
+ // By setting this option to true, session cookies will only be sent back
+ // to the server if the browser has a HTTPS connection. This will keep
+ // the cookie from being sent to you if it can not be done securely.
+ 'secure' => env('SESSION_SECURE_COOKIE', false),
+
+ // HTTP Access Only
+ // Setting this value to true will prevent JavaScript from accessing the
+ // value of the cookie and the cookie will only be accessible through the HTTP protocol.
+ 'http_only' => true,
+
+ // Same-Site Cookies
+ // This option determines how your cookies behave when cross-site requests
+ // take place, and can be used to mitigate CSRF attacks. By default, we
+ // do not enable this as other CSRF protection services are in place.
+ // Options: lax, strict
+ 'same_site' => null,
 ];
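Review bot: `'secure' => env('SESSION_SECURE_COOKIE', false),` keeps the Secure attribute off by default, so an instance served over HTTPS still issues a session cookie that the browser will also send over plain HTTP unless the operator finds and sets the variable. The comment above that line should say so, for example `// Set SESSION_SECURE_COOKIE=true whenever the site is served over HTTPS.`, and the variable should be listed in the project's example environment file if it ships one (not visible in this diff). The same section leaves `'same_site' => null`, so the session cookie relies on the token check alone against CSRF; `'same_site' => 'lax',` would add a second layer, provided any cross-site POST login callbacks the application uses are checked first.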