When custom settings are saved, cookies are created, but it would be better to create them with security attributes.
Here is a piece of the improved code that generates safer cookies:
file "settings.php":
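// Persist each submitted setting as a cookie for 90 days; an empty value deletes the cookie.
//
// NOTE(review): SameSite=Strict on these cookies limits when the browser sends them back.
// It does not stop a cross-site form from posting to this script; that needs a CSRF token
// check, which is not visible in this snippet.
if (isset($_REQUEST["save"])) {
    // Attributes shared by the set and the delete call. A browser only replaces or removes
    // a cookie when name, domain and path match, so the delete must reuse the same path.
    $settingsCookieAttributes = [
        'path' => '/',
        'domain' => '',
        'secure' => true,       // HTTPS only; on a plain-HTTP deployment these cookies are never stored
        'httponly' => true,     // hidden from page scripts; revisit if client-side code must read a setting
        'samesite' => 'Strict', // not attached to cross-site requests
    ];

    foreach ($_POST as $key => $value) {
        $key = (string) $key;

        // The cookie name comes straight from the request. Reject names setcookie() would
        // refuse, and never let a form field overwrite the session cookie. Prefer checking
        // $key against the application's own list of setting names where one exists.
        if (preg_match('/\A[A-Za-z0-9_-]+\z/', $key) !== 1 || $key === session_name()) {
            continue;
        }

        // Fields such as name[]=... arrive as arrays, which setcookie() cannot store.
        if (!is_string($value)) {
            continue;
        }

        // NOTE(review): empty() also treats the string "0" as empty, so a setting saved
        // as "0" deletes its cookie; confirm that is intended.
        if (!empty($value)) {
            setcookie($key, $value, ['expires' => time() + (86400 * 90)] + $settingsCookieAttributes);
        } else {
            // Expire the cookie with the same path and flags it was created with.
            setcookie($key, "", ['expires' => time() - 1000] + $settingsCookieAttributes);
        }
    }
}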
When custom settings are saved, cookies are created, but it would be better to create them with security attributes.
Here is a piece of the improved code that generates safer cookies:
file "settings.php":
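// Persist each submitted setting as a cookie for 90 days; an empty value deletes the cookie.
//
// NOTE(review): SameSite=Strict on these cookies limits when the browser sends them back.
// It does not stop a cross-site form from posting to this script; that needs a CSRF token
// check, which is not visible in this snippet.
if (isset($_REQUEST["save"])) {
    // Attributes shared by the set and the delete call. A browser only replaces or removes
    // a cookie when name, domain and path match, so the delete must reuse the same path.
    $settingsCookieAttributes = [
        'path' => '/',
        'domain' => '',
        'secure' => true,       // HTTPS only; on a plain-HTTP deployment these cookies are never stored
        'httponly' => true,     // hidden from page scripts; revisit if client-side code must read a setting
        'samesite' => 'Strict', // not attached to cross-site requests
    ];

    foreach ($_POST as $key => $value) {
        $key = (string) $key;

        // The cookie name comes straight from the request. Reject names setcookie() would
        // refuse, and never let a form field overwrite the session cookie. Prefer checking
        // $key against the application's own list of setting names where one exists.
        if (preg_match('/\A[A-Za-z0-9_-]+\z/', $key) !== 1 || $key === session_name()) {
            continue;
        }

        // Fields such as name[]=... arrive as arrays, which setcookie() cannot store.
        if (!is_string($value)) {
            continue;
        }

        // NOTE(review): empty() also treats the string "0" as empty, so a setting saved
        // as "0" deletes its cookie; confirm that is intended.
        if (!empty($value)) {
            setcookie($key, $value, ['expires' => time() + (86400 * 90)] + $settingsCookieAttributes);
        } else {
            // Expire the cookie with the same path and flags it was created with.
            setcookie($key, "", ['expires' => time() - 1000] + $settingsCookieAttributes);
        }
    }
}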