[7.x] Cleanup session config #5261
Keeping same-site lax as it is a more secure default for session cookies IMO.
Just to clarify, this PR actually changes nothing at all...
Nothing was reverted, only a redundant explicit default was removed.
Does that mean the entry in the upgrade guide may not be necessary? https://laravel.com/docs/7.x/upgrade#symfony-5-related-upgrades
thx
No, I mean that this PR did not revert anything, not that nothing was changed between 6 and 7.
That line is still needed.
@GrahamCampbell The PR doesn't revert anything and is just about documentation now, because of the Taylor commit, and you know it. My PR was not about refactoring this little env default, but reverting the 'lax' default value. I understand the wish to keep it: the lax value is following a new security choice, but it apparently wasn't an upgrade need (you know, editing my message and crossing the point doesn't make it less relevant). So please, do not feel hurt about that, you did an amazing job updating these packages, so no need to ruin everything by being rude 🙂. Thanks for your work and see you on the next PR 😉.
My comment wasn't directed at you, and wasn't meant to be rude. It was meant to help people who landed on this PR and got confused by the PR title. ;)
Hi,
Several changes reverted from #5157 (Symfony 5 update):
Re-set null by default for same-site configuration, because as the phpdoc says itself "By default, we do not enable this", and I didn't find any clue of why this has been done, as it seems that nothing changed for Laravel here in the Symfony 5 update (new default for Symfony Cookie, but Laravel sets the value, so does not use the default; see https://github.com/symfony/symfony/blob/5.0/src/Symfony/Component/HttpFoundation/Cookie.php#L91 and https://github.com/laravel/framework/blob/5c2c1df2d9d56f761e9c6352db067eb78426da62/src/Illuminate/Session/Middleware/StartSession.php#L157). I'm doing another PR to the upgrade guide in the doc to update that.
Thanks,
Matt'
EDIT: Updated to reflect actual PR by @GrahamCampbell