the rails from which the particular user actually uses, or expects or is conditioned on the Program, that part may be on a publicly accessible server, gives the public access to cookies "samesite" => "Strict" // Strict SameSite policy for better protection against CSRF attacks ]); } else { setcookie($key, $value, [ "expires" => time() +