BookStack Code Mirror - bookstack/blob

1 <?php

2

3 /**

4 * Session configuration options.

5 *

6 * Changes to these config files are not supported by BookStack and may break upon updates.

7 * Configuration should be altered via the `.env` file or environment variables.

8 * Do not edit this file unless you're happy to maintain any changes yourself.

9 */

10

11 return [

12

13 // Default session driver

14 // Options: file, cookie, database, redis, memcached, array

15 'driver' => env('SESSION_DRIVER', 'file'),

16

17

18 // Session lifetime, in minutes

19 'lifetime' => env('SESSION_LIFETIME', 120),

20

21 // Expire session on browser close

22 'expire_on_close' => false,

23

24 // Encrypt session data

25 'encrypt' => false,

26

27 // Location to store session files

28 'files' => storage_path('framework/sessions'),

29

30 // Session Database Connection

31 // When using the "database" or "redis" session drivers, you can specify a

32 // connection that should be used to manage these sessions. This should

33 // correspond to a connection in your database configuration options.

34 'connection' => null,

35

36 // Session database table, if database driver is in use

37 'table' => 'sessions',

38

39 // Session Sweeping Lottery

40 // Some session drivers must manually sweep their storage location to get

41 // rid of old sessions from storage. Here are the chances that it will

42 // happen on a given request. By default, the odds are 2 out of 100.

43 'lottery' => [2, 100],

44

45

46 // Session Cookie Name

47 // Here you may change the name of the cookie used to identify a session

48 // instance by ID. The name specified here will get used every time a

49 // new session cookie is created by the framework for every driver.

50 'cookie' => env('SESSION_COOKIE_NAME', 'bookstack_session'),

51

52 // Session Cookie Path

53 // The session cookie path determines the path for which the cookie will

54 // be regarded as available. Typically, this will be the root path of

55 // your application but you are free to change this when necessary.

56 'path' => '/',

57

58 // Session Cookie Domain

59 // Here you may change the domain of the cookie used to identify a session

60 // in your application. This will determine which domains the cookie is

61 // available to in your application. A sensible default has been set.

62 'domain' => env('SESSION_DOMAIN', null),

63

64 // HTTPS Only Cookies

65 // By setting this option to true, session cookies will only be sent back

66 // to the server if the browser has a HTTPS connection. This will keep

67 // the cookie from being sent to you if it can not be done securely.

68 'secure' => env('SESSION_SECURE_COOKIE', false),

69

70 // HTTP Access Only

71 // Setting this value to true will prevent JavaScript from accessing the

72 // value of the cookie and the cookie will only be accessible through the HTTP protocol.

73 'http_only' => true,

74

75 // Same-Site Cookies

76 // This option determines how your cookies behave when cross-site requests

77 // take place, and can be used to mitigate CSRF attacks. By default, we

78 // do not enable this as other CSRF protection services are in place.

79 // Options: lax, strict

80 'same_site' => null,

81 ];