diff --git a/app/Config/App.php b/app/Config/App.php
index 1f1cd3fc74d9..86b94d04b217 100644
--- a/app/Config/App.php
+++ b/app/Config/App.php
@@ -241,7 +241,7 @@ class App extends BaseConfig
 	 * Set a cookie name prefix if you need to avoid collisions.
 	 *
 	 * @var string
-	 * 
+	 *
 	 * @deprecated use Config\Cookie::$prefix property instead.
 	 */
 	public $cookiePrefix = '';
@@ -254,7 +254,7 @@ class App extends BaseConfig
 	 * Set to `.your-domain.com` for site-wide cookies.
 	 *
 	 * @var string
-	 * 
+	 *
 	 * @deprecated use Config\Cookie::$domain property instead.
 	 */
 	public $cookieDomain = '';
@@ -267,7 +267,7 @@ class App extends BaseConfig
 	 * Typically will be a forward slash.
 	 *
 	 * @var string
-	 * 
+	 *
 	 * @deprecated use Config\Cookie::$path property instead.
 	 */
 	public $cookiePath = '/';
@@ -280,7 +280,7 @@ class App extends BaseConfig
 	 * Cookie will only be set if a secure HTTPS connection exists.
 	 *
 	 * @var boolean
-	 * 
+	 *
 	 * @deprecated use Config\Cookie::$secure property instead.
 	 */
 	public $cookieSecure = false;
@@ -293,7 +293,7 @@ class App extends BaseConfig
 	 * Cookie will only be accessible via HTTP(S) (no JavaScript).
 	 *
 	 * @var boolean
-	 * 
+	 *
 	 * @deprecated use Config\Cookie::$httponly property instead.
 	 */
 	public $cookieHTTPOnly = true;
@@ -319,7 +319,7 @@ class App extends BaseConfig
 	 * will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
 	 *
 	 * @var string
-	 * 
+	 *
 	 * @deprecated use Config\Cookie::$samesite property instead.
 	 */
 	public $cookieSameSite = 'Lax';
diff --git a/env b/env
index 662a854da002..1106ce46f932 100644
--- a/env
+++ b/env
@@ -31,23 +31,6 @@
 # app.sessionTimeToUpdate = 300
 # app.sessionRegenerateDestroy = false
 
-# app.cookiePrefix = ''
-# app.cookieDomain = ''
-# app.cookiePath = '/'
-# app.cookieSecure = false
-# app.cookieHTTPOnly = false
-# app.cookieSameSite = 'Lax'
-# app.cookieRaw = false
-# app.cookieExpires = 0
-
-# app.CSRFProtection = false
-# app.CSRFTokenName = 'csrf_test_name'
-# app.CSRFCookieName = 'csrf_cookie_name'
-# app.CSRFExpire = 7200
-# app.CSRFRegenerate = true
-# app.CSRFExcludeURIs = []
-# app.CSRFSameSite = 'Lax'
-
 # app.CSPEnabled = false
 
 #--------------------------------------------------------------------
@@ -95,14 +78,14 @@
 # COOKIE
 #--------------------------------------------------------------------
 
-# cookie.prefix   = ''
-# cookie.expires  = 0
-# cookie.path     = '/'
-# cookie.domain   = ''
-# cookie.secure   = false
+# cookie.prefix = ''
+# cookie.expires = 0
+# cookie.path = '/'
+# cookie.domain = ''
+# cookie.secure = false
 # cookie.httponly = false
 # cookie.samesite = 'Lax'
-# cookie.raw      = false
+# cookie.raw = false
 
 #--------------------------------------------------------------------
 # ENCRYPTION