mirror of
https://github.com/archtechx/tenancy.git
synced 2025-12-12 08:04:03 +00:00
Samuel Štancl
510358b9be
With the previous implementation, many users would use the default config that enables scope_sessions. They would then deploy the app to production and get the exception there since they use the `database` session driver which is scoped by a different mechanism. The idea behind throwing the exception only in prod was to make it easy to use different setups locally without getting annoying exceptions, while notifying users that a security feature they enabled isn't running in production. However, a better way of doing this is to just throw the exception consistently in all setups and use a sane default for enabling the scope_sessions setting based on the SESSION_DRIVER env var. Users are always encouraged to read the session scoping docs to make sure their session scoping configuration makes sense for their specific setup, but this is a good balance for providing solid security out of the box for most setups without requiring users to configure things manually. |
||
|---|---|---|
| .. | ||
| impersonation-migrations | ||
| migrations | ||
| resource-syncing-migrations | ||
| config.php | ||
| routes.php | ||
| TenancyServiceProvider.stub.php | ||
| tenant_routes.stub.php | ||