// Ensure cookies are only sent over HTTPS "httponly" => true, // Prevent client-side JavaScript access to cookies "samesite" => "Strict" // Strict SameSite policy for better protection against CSRF attacks ]); } else { setcookie($key, "", time() - 1000); } } }