use json session serialization for new applications

This commit is contained in:
Taylor Otwell
2026-02-16 17:15:44 -06:00
parent da5fbb9233
commit 75cef503c6

View File

@@ -214,4 +214,20 @@ return [
'partitioned' => env('SESSION_PARTITIONED_COOKIE', false),
/*
|--------------------------------------------------------------------------
| Session Serialization
|--------------------------------------------------------------------------
|
| This value controls the serialization strategy for session data, which
| is JSON by default. Setting this to "php" allows the storage of PHP
| objects in the session but can make an application vulnerable to
| "gadget chain" serialization attacks if the APP_KEY is leaked.
|
| Supported: "json", "php"
|
*/
'serialization' => 'json',
];