* 90), // Sets cookie to expire in 90 days "path" => "/", "domain" => "$domain", "secure" => true, // Prevent client-side JavaScript access to cookies "samesite"