From ae031fd488c3a6a9448f3d7b68456079e0613377 Mon Sep 17 00:00:00 2001 From: Kevin MacMartin Date: Tue, 1 Dec 2015 00:00:45 -0500 Subject: [PATCH] Enable session security measures and set the cookie name using a .env variable --- .env.example | 2 ++ config/session.php | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.env.example b/.env.example index 37aa1df..1751f23 100644 --- a/.env.example +++ b/.env.example @@ -8,6 +8,8 @@ DB_DATABASE=hypothetical DB_USERNAME=homestead DB_PASSWORD=secret +COOKIE_NAME=hypothetical + CACHE_DRIVER=file SESSION_DRIVER=file QUEUE_DRIVER=sync diff --git a/config/session.php b/config/session.php index f1b0042..05c0f86 100644 --- a/config/session.php +++ b/config/session.php @@ -44,7 +44,7 @@ return [ | */ - 'encrypt' => false, + 'encrypt' => true, /* |-------------------------------------------------------------------------- @@ -109,7 +109,7 @@ return [ | */ - 'cookie' => 'laravel_session', + 'cookie' => env('COOKIE_NAME', 'hypothetical'), /* |-------------------------------------------------------------------------- @@ -148,6 +148,6 @@ return [ | */ - 'secure' => false, + 'secure' => true, ];