Improve security of cookies

2022-09-10 13:03:51 +01:00 · 2022-09-10 13:03:51 +01:00 · 87aca4864c
commit 87aca4864c
parent bb01d22562
1 changed files with 2 additions and 2 deletions
--- a/config/session.php
+++ b/config/session.php
@ -128,7 +128,7 @@ return [
    'cookie' => env(
        'SESSION_COOKIE',
-        Str::slug(env('APP_NAME', 'laravel'), '_') . '_session'
+        (env('SECURE_SESSION_COOKIE') ? '__Host-' : '') . Str::slug(env('APP_NAME', 'laravel'), '_') . '_session'
    ),
    /*
@ -196,6 +196,6 @@ return [
    |
    */
-    'same_site' => 'lax',
+    'same_site' => 'strict',
 ];