Create Config::Cookie

app/Config/App.php

@@ -3,7 +3,6 @@
 namespace Config;
 
 use CodeIgniter\Config\BaseConfig;
-use DateTimeInterface;
 
 class App extends BaseConfig
 {
@@ -242,6 +241,8 @@ class App extends BaseConfig
 	 * Set a cookie name prefix if you need to avoid collisions.
 	 *
 	 * @var string
+	 * 
+	 * @deprecated use Config\Cookie::$prefix property instead.
 	 */
 	public $cookiePrefix = '';
 
@@ -253,6 +254,8 @@ class App extends BaseConfig
 	 * Set to `.your-domain.com` for site-wide cookies.
 	 *
 	 * @var string
+	 * 
+	 * @deprecated use Config\Cookie::$domain property instead.
 	 */
 	public $cookieDomain = '';
 
@@ -264,6 +267,8 @@ class App extends BaseConfig
 	 * Typically will be a forward slash.
 	 *
 	 * @var string
+	 * 
+	 * @deprecated use Config\Cookie::$path property instead.
 	 */
 	public $cookiePath = '/';
 
@@ -275,6 +280,8 @@ class App extends BaseConfig
 	 * Cookie will only be set if a secure HTTPS connection exists.
 	 *
 	 * @var boolean
+	 * 
+	 * @deprecated use Config\Cookie::$secure property instead.
 	 */
 	public $cookieSecure = false;
 
@@ -286,6 +293,8 @@ class App extends BaseConfig
 	 * Cookie will only be accessible via HTTP(S) (no JavaScript).
 	 *
 	 * @var boolean
+	 * 
+	 * @deprecated use Config\Cookie::$httponly property instead.
 	 */
 	public $cookieHTTPOnly = true;
 
@@ -310,40 +319,11 @@ class App extends BaseConfig
 	 * will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
 	 *
 	 * @var string
+	 * 
+	 * @deprecated use Config\Cookie::$samesite property instead.
 	 */
 	public $cookieSameSite = 'Lax';
 
-	/**
-	 * --------------------------------------------------------------------------
-	 * Cookie Raw
-	 * --------------------------------------------------------------------------
-	 *
-	 * This flag allows setting a "raw" cookie, i.e., its name and value are
-	 * not URL encoded using `rawurlencode()`.
-	 *
-	 * If this is set to `true`, cookie names should be compliant of RFC 2616's
-	 * list of allowed characters.
-	 *
-	 * @var boolean
-	 *
-	 * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes
-	 * @see https://tools.ietf.org/html/rfc2616#section-2.2
-	 */
-	public $cookieRaw = false;
-
-	/**
-	 * --------------------------------------------------------------------------
-	 * Cookie Expires Timestamp
-	 * --------------------------------------------------------------------------
-	 *
-	 * Default expires timestamp for cookies. Setting this to `0` will mean the
-	 * cookie will not have the `Expires` attribute and will behave as a session
-	 * cookie.
-	 *
-	 * @var DateTimeInterface|integer|string
-	 */
-	public $cookieExpires = 0;
-
 	/**
 	 * --------------------------------------------------------------------------
 	 * Reverse Proxy IPs

app/Config/Cookie.php

@@ -0,0 +1,119 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use DateTimeInterface;
+
+class Cookie extends BaseConfig
+{
+	/**
+	 * --------------------------------------------------------------------------
+	 * Cookie Prefix
+	 * --------------------------------------------------------------------------
+	 *
+	 * Set a cookie name prefix if you need to avoid collisions.
+	 *
+	 * @var string
+	 */
+	public $prefix = '';
+
+	/**
+	 * --------------------------------------------------------------------------
+	 * Cookie Expires Timestamp
+	 * --------------------------------------------------------------------------
+	 *
+	 * Default expires timestamp for cookies. Setting this to `0` will mean the
+	 * cookie will not have the `Expires` attribute and will behave as a session
+	 * cookie.
+	 *
+	 * @var DateTimeInterface|integer|string
+	 */
+	public $expires = 0;
+
+	/**
+	 * --------------------------------------------------------------------------
+	 * Cookie Path
+	 * --------------------------------------------------------------------------
+	 *
+	 * Typically will be a forward slash.
+	 *
+	 * @var string
+	 */
+	public $path = '/';
+
+	/**
+	 * --------------------------------------------------------------------------
+	 * Cookie Domain
+	 * --------------------------------------------------------------------------
+	 *
+	 * Set to `.your-domain.com` for site-wide cookies.
+	 *
+	 * @var string
+	 */
+	public $domain = '';
+
+	/**
+	 * --------------------------------------------------------------------------
+	 * Cookie Secure
+	 * --------------------------------------------------------------------------
+	 *
+	 * Cookie will only be set if a secure HTTPS connection exists.
+	 *
+	 * @var boolean
+	 */
+	public $secure = false;
+
+	/**
+	 * --------------------------------------------------------------------------
+	 * Cookie HTTPOnly
+	 * --------------------------------------------------------------------------
+	 *
+	 * Cookie will only be accessible via HTTP(S) (no JavaScript).
+	 *
+	 * @var boolean
+	 */
+	public $httponly = true;
+
+	/**
+	 * --------------------------------- -----------------------------------------
+	 * Cookie SameSite
+	 * --------------------------------------------------------------------------
+	 *
+	 * Configure cookie SameSite setting. Allowed values are:
+	 * - None
+	 * - Lax
+	 * - Strict
+	 * - ''
+	 *
+	 * Alternatively, you can use the constant names:
+	 * - `Cookie::SAMESITE_NONE`
+	 * - `Cookie::SAMESITE_LAX`
+	 * - `Cookie::SAMESITE_STRICT`
+	 *
+	 * Defaults to `Lax` for compatibility with modern browsers. Setting `''`
+	 * (empty string) means default SameSite attribute set by browsers (`Lax`)
+	 * will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
+	 *
+	 * @var string
+	 */
+	public $samesite = 'Lax';
+
+	/**
+	 * --------------------------------------------------------------------------
+	 * Cookie Raw
+	 * --------------------------------------------------------------------------
+	 *
+	 * This flag allows setting a "raw" cookie, i.e., its name and value are
+	 * not URL encoded using `rawurlencode()`.
+	 *
+	 * If this is set to `true`, cookie names should be compliant of RFC 2616's
+	 * list of allowed characters.
+	 *
+	 * @var boolean
+	 *
+	 * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes
+	 * @see https://tools.ietf.org/html/rfc2616#section-2.2
+	 */
+	public $raw = false;
+}

env

@@ -88,6 +88,19 @@
 # contentsecuritypolicy.sandbox = false
 # contentsecuritypolicy.upgradeInsecureRequests = false
 
+#--------------------------------------------------------------------
+# COOKIE
+#--------------------------------------------------------------------
+
+# cookie.prefix   = ''
+# cookie.expires  = 0
+# cookie.path     = '/'
+# cookie.domain   = ''
+# cookie.secure   = false
+# cookie.httponly = false
+# cookie.samesite = 'Lax'
+# cookie.raw      = false
+
 #--------------------------------------------------------------------
 # ENCRYPTION
 #--------------------------------------------------------------------

system/Cookie/CloneableCookieInterface.php

@@ -19,15 +19,6 @@
  */
 interface CloneableCookieInterface extends CookieInterface
 {
-	/**
-	 * Creates a new Cookie with URL encoding option updated.
-	 *
-	 * @param boolean $raw
-	 *
-	 * @return static
-	 */
-	public function withRaw(bool $raw = true);
-
 	/**
 	 * Creates a new Cookie with a new cookie prefix.
 	 *
@@ -79,22 +70,22 @@ public function withExpired();
 	public function withNeverExpiring();
 
 	/**
-	 * Creates a new Cookie with a new domain the cookie is available.
+	 * Creates a new Cookie with a new path on the server the cookie is available.
 	 *
-	 * @param string|null $domain
+	 * @param string|null $path
 	 *
 	 * @return static
 	 */
-	public function withDomain(?string $domain);
+	public function withPath(?string $path);
 
 	/**
-	 * Creates a new Cookie with a new path on the server the cookie is available.
+	 * Creates a new Cookie with a new domain the cookie is available.
 	 *
-	 * @param string|null $path
+	 * @param string|null $domain
 	 *
 	 * @return static
 	 */
-	public function withPath(?string $path);
+	public function withDomain(?string $domain);
 
 	/**
 	 * Creates a new Cookie with a new "Secure" attribute.
@@ -112,7 +103,7 @@ public function withSecure(bool $secure = true);
 	 *
 	 * @return static
 	 */
-	public function withHttpOnly(bool $httpOnly = true);
+	public function withHTTPOnly(bool $httpOnly = true);
 
 	/**
 	 * Creates a new Cookie with a new "SameSite" attribute.
@@ -122,4 +113,13 @@ public function withHttpOnly(bool $httpOnly = true);
 	 * @return static
 	 */
 	public function withSameSite(string $sameSite);
+
+	/**
+	 * Creates a new Cookie with URL encoding option updated.
+	 *
+	 * @param boolean $raw
+	 *
+	 * @return static
+	 */
+	public function withRaw(bool $raw = true);
 }