Cookies

Securing Your Website Cookies

Configure secure cookies with HttpOnly, Secure, and SameSite attributes.

Cookie security attributes:

## Secure
Only send over HTTPS

## HttpOnly
Prevent JavaScript access (prevents XSS theft)

## SameSite
Control cross-site cookie sending
Strict, Lax, or None

## Laravel
SESSION_SECURE_COOKIE=true
SESSION_SAMESITE=strict

Was this article helpful?