PHP Luminova: Client Cookies & Security Configurations
Manage cookie settings such as expiration, path, and security flags to control how your application stores and protects client-side data.
The Cookie Configuration class allows you to manage and customize cookies in your web application. You can control client-side cookie behavior, including save path, expiration, path, domain, SameSite policy, and security flags, giving you full control over how cookies are stored and used.
Class Definition
- Class namespace: \App\Config\Cookie
- File path: /app/Config/Cookie.php
- This class is marked as final and can't be subclassed.
Properties
savePath
The directory where cookie-related data may be stored on the server.
public string $savePath = '';
Leave empty to use the default PHP cookie storage path.
expiration
The cookie's expiration time in seconds.
public int $expiration = 365 * 24 * 60 * 60;
This determines how long the cookie remains valid.
cookiePath
The path where the cookie is accessible.
public string $cookiePath = '/';
This restricts the availability of this cookie to a specific URI path.
cookieDomain
The domain for which the cookie is valid.
public string $cookieDomain = '.localhost';
This determines which domains can access the cookie (e.g., '.' . APP_HOSTNAME).
sameSite
The SameSite policy for cookies.
Defines how cookies are sent with cross-site requests.
Options: None, Lax, Strict
public string $sameSite = 'Lax';
secure
Enforce secure cookies by requiring an HTTPS connection.
public bool $secure = false;
If enabled, cookies will not be sent over an insecure HTTP connection.
httpOnly
Restrict cookie access to HTTP(S) requests only.
If enabled, JavaScript cannot access the cookie via document.cookie.
public bool $httpOnly = true;
cookieRaw
Enable setting raw (non-URL-encoded) cookies.
If enabled, the cookie name and value are not URL-encoded with rawurlencode() and are sent as given, so they must comply with RFC 2616.
public bool $cookieRaw = false;
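The following is an added example, not Luminova's own code: it audits the flag combinations described above and shows how they map onto the options array of PHP's native setcookie(). The CookieSettings class and both function names are hypothetical stand-ins that mirror the documented property names and defaults; treating expiration as an offset added to the current time is an assumption.

```php
<?php
// Hypothetical stand-in mirroring the documented properties and defaults.
final class CookieSettings
{
    public int $expiration = 365 * 24 * 60 * 60;
    public string $cookiePath = '/';
    public string $cookieDomain = '.localhost';
    public string $sameSite = 'Lax';
    public bool $secure = false;
    public bool $httpOnly = true;
}

/** Return warnings for flag combinations that weaken or break the cookie. */
function auditCookieSettings(CookieSettings $c): array
{
    $warnings = [];
    if (!in_array($c->sameSite, ['None', 'Lax', 'Strict'], true)) {
        $warnings[] = 'sameSite must be None, Lax or Strict';
    }
    if ($c->sameSite === 'None' && !$c->secure) {
        $warnings[] = 'SameSite=None without secure: browsers enforcing current SameSite rules reject the cookie';
    }
    if (!$c->secure) {
        $warnings[] = 'secure is false: the cookie is also sent over plain HTTP';
    }
    if (!$c->httpOnly) {
        $warnings[] = 'httpOnly is false: scripts can read the cookie via document.cookie';
    }
    return $warnings;
}

/** Map the settings onto the options array accepted by setcookie() (PHP >= 7.3). */
function toSetcookieOptions(CookieSettings $c, int $now): array
{
    return [
        'expires'  => $now + $c->expiration, // assumption: expiration is a lifetime in seconds
        'path'     => $c->cookiePath,
        'domain'   => $c->cookieDomain,
        'secure'   => $c->secure,
        'httponly' => $c->httpOnly,
        'samesite' => $c->sameSite,
    ];
}

$settings = new CookieSettings();        // documented defaults
print_r(auditCookieSettings($settings)); // one warning: secure is false
$settings->secure = true;                // HTTPS-only deployment
print_r(auditCookieSettings($settings)); // no warnings
print_r(toSetcookieOptions($settings, time()));
```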
See Reference: