From 0bbb6c04db4f6543d2ac63affe6c3163a23976fa Mon Sep 17 00:00:00 2001
From: Kevin MacMartin
Date: Tue, 26 Sep 2017 12:03:25 -0400
Subject: [PATCH] Add Same-Site Cookies option to session.php
---
 config/session.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/config/session.php b/config/session.php
index 88a6c52..abfda62 100644
--- a/config/session.php
+++ b/config/session.php
@@ -179,4 +179,19 @@ return [
 'http_only' => false,
+ /*
+ |--------------------------------------------------------------------------
+ | Same-Site Cookies
+ |--------------------------------------------------------------------------
+ |
+ | This option determines how your cookies behave when cross-site requests
+ | take place, and can be used to mitigate CSRF attacks. By default, we
+ | do not enable this as other CSRF protection services are in place.
+ |
+ | Supported: "lax", "strict"
+ |
+ */
+
+ 'same_site' => null,
+
 ];
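Review bot: The added `'same_site' => null,` default presumably leaves the session cookie without a SameSite attribute, and the context line directly above it shows `'http_only' => false`, so with this file as shipped the cookie carries neither restriction until a deployer edits it. The comment block lists only "lax" and "strict" and never says what `null` means; I would change that line to something like `| Supported: "lax", "strict", null (attribute not set)` so the off state is documented. As defence in depth next to the existing CSRF protection, consider shipping `'same_site' => 'lax',` unless the application relies on cross-site requests that must carry the session. The patch touches only config/session.php, so whether the framework version in use actually reads this key cannot be confirmed from here and should be checked before relying on it.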