PHP Luminova: Client Cookies & Security Configurations

The Cookie Configuration class allows you to manage and customize cookies in your web application. You can control client-side cookie behavior, including save path, expiration, path, domain, SameSite policy, and security flags, giving you full control over how cookies are stored and used.

Class Definition

• Class namespace: \App\Config\Cookie
• File path: /app/Config/Cookie.php
• This class is marked as final and can't be subclassed

Properties

savePath

The directory where cookie-related data may be stored on the server.

public string $savePath = '';

Leave empty for default PHP cookie storage path.

expiration

The cookie's expiration time in seconds.

public int $expiration = 365 * 24 * 60 * 60;

This determines how long the cookie remains valid.

cookiePath

The path where the cookie is accessible.

public string $cookiePath = '/';

This restricts the availability of this cookie to a specific URI path.

cookieDomain

The domain for which the cookie is valid.

public string $cookieDomain = '.localhost';

This determines which domains can access the cookie (e.g., '.' . APP_HOSTNAME).

sameSite

The SameSite policy for cookies.

Defines how cookies are sent with cross-site requests.

Options: None, Lax, Strict

public string $sameSite = 'Lax'

secure

Enforce secure cookies by requiring an HTTPS connection.

public bool $secure = false;

If enabled, cookies will not be sent over an insecure HTTP connection.

httpOnly

Restrict cookie access to HTTP(S) requests only.

If enabled, JavaScript cannot access the cookie via document.cookie.

public bool $httpOnly = true;

cookieRaw

Enable setting raw (non-URL-encoded) cookies.

If enabled, cookie names and values must comply with RFC 2616, i.e., its name and value are not URL encoded using rawurlencode() leaving the cookie as it was.

public bool $cookieRaw = false;

See Reference:

• Web HTTP Headers Set-Cookie Attributes
• RFC 2616 Section 2.2