456afdcd4c
Added a notice to the top of each to explain they should not be normally modified. Standardised comment format used for each item. Better aligned some files with laravel 5.5 options.
81 lines
3.1 KiB
PHP
81 lines
3.1 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Session configuration options.
|
|
*
|
|
* Changes to these config files are not supported by BookStack and may break upon updates.
|
|
* Configuration should be altered via the `.env` file or environment variables.
|
|
* Do not edit this file unless you're happy to maintain any changes yourself.
|
|
*/
|
|
|
|
return [
|
|
|
|
// Default session driver
|
|
// Options: file, cookie, database, redis, memcached, array
|
|
'driver' => env('SESSION_DRIVER', 'file'),
|
|
|
|
|
|
// Session lifetime, in minutes
|
|
'lifetime' => env('SESSION_LIFETIME', 120),
|
|
|
|
// Expire session on browser close
|
|
'expire_on_close' => false,
|
|
|
|
// Encrypt session data
|
|
'encrypt' => false,
|
|
|
|
// Location to store session files
|
|
'files' => storage_path('framework/sessions'),
|
|
|
|
// Session Database Connection
|
|
// When using the "database" or "redis" session drivers, you can specify a
|
|
// connection that should be used to manage these sessions. This should
|
|
// correspond to a connection in your database configuration options.
|
|
'connection' => null,
|
|
|
|
// Session database table, if database driver is in use
|
|
'table' => 'sessions',
|
|
|
|
// Session Sweeping Lottery
|
|
// Some session drivers must manually sweep their storage location to get
|
|
// rid of old sessions from storage. Here are the chances that it will
|
|
// happen on a given request. By default, the odds are 2 out of 100.
|
|
'lottery' => [2, 100],
|
|
|
|
|
|
// Session Cookie Name
|
|
// Here you may change the name of the cookie used to identify a session
|
|
// instance by ID. The name specified here will get used every time a
|
|
// new session cookie is created by the framework for every driver.
|
|
'cookie' => env('SESSION_COOKIE_NAME', 'bookstack_session'),
|
|
|
|
// Session Cookie Path
|
|
// The session cookie path determines the path for which the cookie will
|
|
// be regarded as available. Typically, this will be the root path of
|
|
// your application but you are free to change this when necessary.
|
|
'path' => '/',
|
|
|
|
// Session Cookie Domain
|
|
// Here you may change the domain of the cookie used to identify a session
|
|
// in your application. This will determine which domains the cookie is
|
|
// available to in your application. A sensible default has been set.
|
|
'domain' => env('SESSION_DOMAIN', null),
|
|
|
|
// HTTPS Only Cookies
|
|
// By setting this option to true, session cookies will only be sent back
|
|
// to the server if the browser has a HTTPS connection. This will keep
|
|
// the cookie from being sent to you if it can not be done securely.
|
|
'secure' => env('SESSION_SECURE_COOKIE', false),
|
|
|
|
// HTTP Access Only
|
|
// Setting this value to true will prevent JavaScript from accessing the
|
|
// value of the cookie and the cookie will only be accessible through the HTTP protocol.
|
|
'http_only' => true,
|
|
|
|
// Same-Site Cookies
|
|
// This option determines how your cookies behave when cross-site requests
|
|
// take place, and can be used to mitigate CSRF attacks. By default, we
|
|
// do not enable this as other CSRF protection services are in place.
|
|
// Options: lax, strict
|
|
'same_site' => null,
|
|
];
|