<?php
ini_set("session.cookie_httponly", true);
$lifetime = 604800; // in seconds
session_set_cookie_params([
    'lifetime' => $lifetime,
    'path' => '/',
    'secure' => isset($_SERVER['HTTPS']),
    'httponly' => true, // client-side script prevented
    'samesite' => 'Lax'
]);
session_start();
?>