From c991941ef3f4730d1efa01c9758b6aa654e4c4a0 Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Tue, 11 Sep 2018 19:51:58 +1000 Subject: [PATCH] Update session preferences from upstream --- config/app.php | 6 +++--- config/session.php | 53 ++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 49 insertions(+), 10 deletions(-) diff --git a/config/app.php b/config/app.php index b57f5768..07d1163c 100644 --- a/config/app.php +++ b/config/app.php @@ -39,7 +39,7 @@ return [ | */ - 'url' => env('APP_URL'), + 'url' => env('APP_URL', 'http://localhost'), /* |-------------------------------------------------------------------------- @@ -91,8 +91,8 @@ return [ | */ - 'key' => env('APP_KEY', 'SomeRandomString'), - 'cipher' => env('APP_CIPHER', 'MCRYPT_RIJNDAEL_128'), + 'key' => env('APP_KEY'), + 'cipher' => env('APP_CIPHER', 'AES-256-CBC'), /* |-------------------------------------------------------------------------- diff --git a/config/session.php b/config/session.php index 2514731d..cc5826da 100644 --- a/config/session.php +++ b/config/session.php @@ -29,7 +29,7 @@ return [ | */ - 'lifetime' => 120, + 'lifetime' => env('SESSION_LIFETIME', 120), 'expire_on_close' => false, @@ -44,7 +44,7 @@ return [ | */ - 'encrypt' => false, + 'encrypt' => env('SESSION_ENCRYPTED', false), /* |-------------------------------------------------------------------------- @@ -70,7 +70,7 @@ return [ | */ - 'connection' => null, + 'connection' => env('SESSION_CONNECTION', null), /* |-------------------------------------------------------------------------- 
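Review bot: In the second config/app.php hunk the `'cipher'` default becomes `AES-256-CBC` while `APP_CIPHER` stays overridable, so an environment file that still carries the old `MCRYPT_RIJNDAEL_128` value would take precedence over the new default, and nothing in the hunk says so. AES-256-CBC expects a 32-byte key, and with the `'SomeRandomString'` fallback removed an unset `APP_KEY` now yields null; that is the safer failure mode, but it should be stated next to the setting. I would add a comment above the two lines, for example `// APP_KEY must be a random 32-byte key (php artisan key:generate); remove any stale APP_CIPHER override.` Data encrypted under the previous cipher and key (cookies, stored sessions) will presumably stop decrypting after this change, which is worth a line in the commit description. The enclosing `return [` array starts and ends outside the hunk.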
@@ -85,6 +85,18 @@ return [ 'table' => 'sessions', + /* + |-------------------------------------------------------------------------- + | Session Cache Store + |-------------------------------------------------------------------------- + | + | When using the "apc" or "memcached" session drivers, you may specify a + | cache store that should be used for these sessions. This value must + | correspond with one of the application's configured cache stores. + | + */ + 'store' => env('SESSION_STORE', null), + /* |-------------------------------------------------------------------------- | Session Sweeping Lottery @@ -108,8 +120,10 @@ return [ | new session cookie is created by the framework for every driver. | */ - - 'cookie' => 'laravel_session', + 'cookie' => env( + 'SESSION_COOKIE', + str_slug(env('APP_NAME', 'laravel'), '_').'_session' + ), /* |-------------------------------------------------------------------------- @@ -135,7 +149,7 @@ return [ | */ - 'domain' => null, + 'domain' => env('SESSION_DOMAIN', null), /* |-------------------------------------------------------------------------- 
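Review bot: The `'cookie'` entry now derives the session cookie name from `APP_NAME`, so any install that already sets `APP_NAME` gets a different cookie name on deploy and every existing session is dropped. Two applications on the same parent domain with the same (or unset) `APP_NAME` also end up with the same cookie name and can overwrite each other's session cookie. Neither effect is mentioned in the comment block above the setting, which starts outside the hunk. I would add a line there such as `// Keep SESSION_COOKIE unique per application on a shared domain; changing it or APP_NAME invalidates existing sessions.`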
@@ -148,6 +162,31 @@ return [ | */ - 'secure' => false, + 'secure' => env('SESSION_SECURE_COOKIE', false), + /* + |-------------------------------------------------------------------------- + | HTTP Access Only + |-------------------------------------------------------------------------- + | + | Setting this value to true will prevent JavaScript from accessing the + | value of the cookie and the cookie will only be accessible through + | the HTTP protocol. You are free to modify this option if needed. + | + */ + 'http_only' => true, + + /* + |-------------------------------------------------------------------------- + | Same-Site Cookies + |-------------------------------------------------------------------------- + | + | This option determines how your cookies behave when cross-site requests + | take place, and can be used to mitigate CSRF attacks. By default, we + | do not enable this as other CSRF protection services are in place. + | + | Supported: "lax", "strict" + | + */ + 'same_site' => null, ];
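Review bot: `'secure'` still falls back to `false`, so unless `SESSION_SECURE_COOKIE` is set the session cookie is also sent over plain HTTP. The hunk makes the flag configurable but leaves that default undocumented for production use. I would add above it `// Set SESSION_SECURE_COOKIE=true on every deployment served over HTTPS.` In the same hunk `'same_site' => null` presumably emits no SameSite attribute, leaving CSRF defence to the token check alone. If the framework version in use honours the key, `'same_site' => 'lax',` would be a more defensive default. Hard-coding `'http_only' => true` is fine as is.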