From 87aca4864cb234cfd8e20a169e23ddd098732d90 Mon Sep 17 00:00:00 2001
From: Jonny Barnes
Date: Sat, 10 Sep 2022 13:03:51 +0100
Subject: [PATCH] Improve security of cookies
---
 config/session.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/session.php b/config/session.php
index 9016f2df..32ba0b32 100644
--- a/config/session.php
+++ b/config/session.php
@@ -128,7 +128,7 @@ return [
 'cookie' => env(
 'SESSION_COOKIE',
- Str::slug(env('APP_NAME', 'laravel'), '_') . '_session'
+ (env('SECURE_SESSION_COOKIE') ? '__Host-' : '') . Str::slug(env('APP_NAME', 'laravel'), '_') . '_session'
 ),
 /*
@@ -196,6 +196,6 @@ return [
 |
 */
- 'same_site' => 'lax',
+ 'same_site' => 'strict',
 ];
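Review bot: The `__Host-` prefix on the new default cookie name is keyed only on `SECURE_SESSION_COOKIE`, but browsers discard a `__Host-` cookie unless it is sent with Secure, `Path=/` and no Domain attribute, and none of those three settings is visible in this hunk (the `return [` array starts and ends outside it). If the `domain` or `path` options elsewhere in the file hold any other value, the Set-Cookie header is dropped without an error and every request starts a fresh session. I would add a comment above the entry, `// __Host- requires secure=true, path='/' and a null domain; browsers silently reject the cookie otherwise`, and, assuming the domain option reads `SESSION_DOMAIN` as in the stock Laravel config, narrow the condition to `(env('SECURE_SESSION_COOKIE') && env('SESSION_DOMAIN') === null ? '__Host-' : '')`. Renaming the cookie also orphans existing sessions on deploy, which deserves a line in the commit message.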
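Review bot: `'same_site' => 'strict'` is hard-coded in the second hunk, so the session cookie is now withheld on every request that originates from another site, including top-level navigations from a mail link or a redirect back from an external login or payment provider. The hunk does not show whether the application has such return flows; if it does, the callback request arrives without the session and any state stored there before the redirect is missing. I would make the value overridable per environment with `'same_site' => env('SESSION_SAME_SITE', 'strict'),` and document the trade-off above it, e.g. `// strict: cookie is not sent on cross-site navigations; switch to lax if an external redirect must land in an existing session`.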