X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/77727e7e5087f28cb55ebbf2b04402dc6b34c7fa..refs/pull/1462/head:/config/session.php diff --git a/config/session.php b/config/session.php index b334ffb3c..bdb5e554b 100644 --- a/config/session.php +++ b/config/session.php @@ -1,181 +1,80 @@ env('SESSION_DRIVER', 'file'), - /* - |-------------------------------------------------------------------------- - | Session Lifetime - |-------------------------------------------------------------------------- - | - | Here you may specify the number of minutes that you wish the session - | to be allowed to remain idle before it expires. If you want them - | to immediately expire on the browser closing, set that option. - | - */ - + // Session lifetime, in minutes 'lifetime' => env('SESSION_LIFETIME', 120), + // Expire session on browser close 'expire_on_close' => false, - /* - |-------------------------------------------------------------------------- - | Session Encryption - |-------------------------------------------------------------------------- - | - | This option allows you to easily specify that all of your session data - | should be encrypted before it is stored. All encryption will be run - | automatically by Laravel and you can use the Session like normal. - | - */ - + // Encrypt session data 'encrypt' => false, - /* - |-------------------------------------------------------------------------- - | Session File Location - |-------------------------------------------------------------------------- - | - | When using the native session driver, we need a location where session - | files may be stored. A default has been set for you but a different - | location may be specified. This is only needed for file sessions. - | - */ - + // Location to store session files 'files' => storage_path('framework/sessions'), - /* - |-------------------------------------------------------------------------- - | Session Database Connection - |-------------------------------------------------------------------------- - | - | When using the "database" or "redis" session drivers, you may specify a - | connection that should be used to manage these sessions. This should - | correspond to a connection in your database configuration options. - | - */ - + // Session Database Connection + // When using the "database" or "redis" session drivers, you can specify a + // connection that should be used to manage these sessions. This should + // correspond to a connection in your database configuration options. 'connection' => null, - /* - |-------------------------------------------------------------------------- - | Session Database Table - |-------------------------------------------------------------------------- - | - | When using the "database" session driver, you may specify the table we - | should use to manage the sessions. Of course, a sensible default is - | provided for you; however, you are free to change this as needed. - | - */ - + // Session database table, if database driver is in use 'table' => 'sessions', - /* - |-------------------------------------------------------------------------- - | Session Sweeping Lottery - |-------------------------------------------------------------------------- - | - | Some session drivers must manually sweep their storage location to get - | rid of old sessions from storage. Here are the chances that it will - | happen on a given request. By default, the odds are 2 out of 100. - | - */ - + // Session Sweeping Lottery + // Some session drivers must manually sweep their storage location to get + // rid of old sessions from storage. Here are the chances that it will + // happen on a given request. By default, the odds are 2 out of 100. 'lottery' => [2, 100], - /* - |-------------------------------------------------------------------------- - | Session Cookie Name - |-------------------------------------------------------------------------- - | - | Here you may change the name of the cookie used to identify a session - | instance by ID. The name specified here will get used every time a - | new session cookie is created by the framework for every driver. - | - */ - - 'cookie' => 'laravel_session', - - /* - |-------------------------------------------------------------------------- - | Session Cookie Path - |-------------------------------------------------------------------------- - | - | The session cookie path determines the path for which the cookie will - | be regarded as available. Typically, this will be the root path of - | your application but you are free to change this when necessary. - | - */ - 'path' => '/', + // Session Cookie Name + // Here you may change the name of the cookie used to identify a session + // instance by ID. The name specified here will get used every time a + // new session cookie is created by the framework for every driver. + 'cookie' => env('SESSION_COOKIE_NAME', 'bookstack_session'), - /* - |-------------------------------------------------------------------------- - | Session Cookie Domain - |-------------------------------------------------------------------------- - | - | Here you may change the domain of the cookie used to identify a session - | in your application. This will determine which domains the cookie is - | available to in your application. A sensible default has been set. - | - */ + // Session Cookie Path + // The session cookie path determines the path for which the cookie will + // be regarded as available. Typically, this will be the root path of + // your application but you are free to change this when necessary. + 'path' => '/', + // Session Cookie Domain + // Here you may change the domain of the cookie used to identify a session + // in your application. This will determine which domains the cookie is + // available to in your application. A sensible default has been set. 'domain' => env('SESSION_DOMAIN', null), - /* - |-------------------------------------------------------------------------- - | HTTPS Only Cookies - |-------------------------------------------------------------------------- - | - | By setting this option to true, session cookies will only be sent back - | to the server if the browser has a HTTPS connection. This will keep - | the cookie from being sent to you if it can not be done securely. - | - */ - + // HTTPS Only Cookies + // By setting this option to true, session cookies will only be sent back + // to the server if the browser has a HTTPS connection. This will keep + // the cookie from being sent to you if it can not be done securely. 'secure' => env('SESSION_SECURE_COOKIE', false), - /* - |-------------------------------------------------------------------------- - | HTTP Access Only - |-------------------------------------------------------------------------- - | - | Setting this value to true will prevent JavaScript from accessing the - | value of the cookie and the cookie will only be accessible through - | the HTTP protocol. You are free to modify this option if needed. - | - */ - + // HTTP Access Only + // Setting this value to true will prevent JavaScript from accessing the + // value of the cookie and the cookie will only be accessible through the HTTP protocol. 'http_only' => true, - /* - |-------------------------------------------------------------------------- - | Same-Site Cookies - |-------------------------------------------------------------------------- - | - | This option determines how your cookies behave when cross-site requests - | take place, and can be used to mitigate CSRF attacks. By default, we - | do not enable this as other CSRF protection services are in place. - | - | Supported: "lax", "strict" - | - */ - + // Same-Site Cookies + // This option determines how your cookies behave when cross-site requests + // take place, and can be used to mitigate CSRF attacks. By default, we + // do not enable this as other CSRF protection services are in place. + // Options: lax, strict 'same_site' => null, - ];