Updated default value for secure session detection

Updated default value for APP_URL so that the startsWith call is not
passed null, since that causes deprecation notice in PHP8.1.
Would show when APP_URL was not set, adding extra confusiion.

diff --git a/app/Config/session.php b/app/Config/session.php
index 4bbb789010ff341a0cf6d6b505201412a5b76819..a00d758071201903b137d12d27a2581f7e481867 100644 (file)
--- a/app/Config/session.php
+++ b/app/Config/session.php
@@ -72,7 +72,7 @@ return [
     // to the server if the browser has a HTTPS connection. This will keep
     // the cookie from being sent to you if it can not be done securely.
     'secure' => env('SESSION_SECURE_COOKIE', null)
-        ?? Str::startsWith(env('APP_URL'), 'https:'),
+        ?? Str::startsWith(env('APP_URL', ''), 'https:'),
 
     // HTTP Access Only
     // Setting this value to true will prevent JavaScript from accessing the