Moved config dir into app dir

Closes #1506

app/Config/session.php

@@ -0,0 +1,80 @@
+<?php
+
+/**
+ * Session configuration options.
+ *
+ * Changes to these config files are not supported by BookStack and may break upon updates.
+ * Configuration should be altered via the `.env` file or environment variables.
+ * Do not edit this file unless you're happy to maintain any changes yourself.
+ */
+
+return [
+
+    // Default session driver
+    // Options: file, cookie, database, redis, memcached, array
+    'driver' => env('SESSION_DRIVER', 'file'),
+
+    // Session lifetime, in minutes
+    'lifetime' => env('SESSION_LIFETIME', 120),
+
+    // Expire session on browser close
+    'expire_on_close' => false,
+
+    // Encrypt session data
+    'encrypt' => false,
+
+    // Location to store session files
+    'files' => storage_path('framework/sessions'),
+
+    // Session Database Connection
+    // When using the "database" or "redis" session drivers, you can specify a
+    // connection that should be used to manage these sessions. This should
+    // correspond to a connection in your database configuration options.
+    'connection' => null,
+
+    // Session database table, if database driver is in use
+    'table' => 'sessions',
+
+    // Session Sweeping Lottery
+    // Some session drivers must manually sweep their storage location to get
+    // rid of old sessions from storage. Here are the chances that it will
+    // happen on a given request. By default, the odds are 2 out of 100.
+    'lottery' => [2, 100],
+
+
+    // Session Cookie Name
+    // Here you may change the name of the cookie used to identify a session
+    // instance by ID. The name specified here will get used every time a
+    // new session cookie is created by the framework for every driver.
+    'cookie' => env('SESSION_COOKIE_NAME', 'bookstack_session'),
+
+    // Session Cookie Path
+    // The session cookie path determines the path for which the cookie will
+    // be regarded as available. Typically, this will be the root path of
+    // your application but you are free to change this when necessary.
+    'path' => '/',
+
+    // Session Cookie Domain
+    // Here you may change the domain of the cookie used to identify a session
+    // in your application. This will determine which domains the cookie is
+    // available to in your application. A sensible default has been set.
+    'domain' => env('SESSION_DOMAIN', null),
+
+    // HTTPS Only Cookies
+    // By setting this option to true, session cookies will only be sent back
+    // to the server if the browser has a HTTPS connection. This will keep
+    // the cookie from being sent to you if it can not be done securely.
+    'secure' => env('SESSION_SECURE_COOKIE', false),
+
+    // HTTP Access Only
+    // Setting this value to true will prevent JavaScript from accessing the
+    // value of the cookie and the cookie will only be accessible through the HTTP protocol.
+    'http_only' => true,
+
+    // Same-Site Cookies
+    // This option determines how your cookies behave when cross-site requests
+    // take place, and can be used to mitigate CSRF attacks. By default, we
+    // do not enable this as other CSRF protection services are in place.
+    // Options: lax, strict
+    'same_site' => null,
+];