Kirby 5.4.4

cookie

Configure the behavior of HTTP cookies

Values of HTTP cookies set by the Kirby backend are signed (or authenticated) to prevent easy tampering. Generating these signatures (so-called HMACs) requires a key that should be stable and consistent on the server, but still independent from other sites or setups and ideally private and hard to guess. The key is set to a fixed string by default, so you should define your own key that will be used instead:

/site/config/config.php
<?php

// Replace '...' with your own long, random key
Kirby\Http\Cookie::$key = '...';

return [
    // additional options
];

The cookie key should be a long string of random characters.
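The following added example (not taken from the Kirby documentation or source) shows why the key matters: it generates a suitable random key and then signs and verifies a cookie value with an HMAC. The function names `generateKey()`, `signValue()` and `verifyValue()`, the `mac+value` layout and the choice of SHA-256 are assumptions made for illustration, not Kirby's internal format.

```php
<?php
declare(strict_types=1);

// Added illustration of HMAC-signed cookie values; not Kirby's own code.
// Function names and the "mac+value" layout are assumptions.

function generateKey(): string
{
    // 32 bytes from the OS CSPRNG, hex-encoded to 64 characters
    return bin2hex(random_bytes(32));
}

function signValue(string $value, string $key): string
{
    // Prefix the payload with its HMAC so the server can check it later
    return hash_hmac('sha256', $value, $key) . '+' . $value;
}

function verifyValue(string $cookie, string $key): ?string
{
    // Split at the first "+": hex MAC before it, payload after it
    $parts = explode('+', $cookie, 2);
    if (count($parts) !== 2) {
        return null; // no signature present
    }
    [$mac, $value] = $parts;
    $expected = hash_hmac('sha256', $value, $key);

    // hash_equals() compares in constant time to avoid timing leaks
    return hash_equals($expected, $mac) ? $value : null;
}

// Constructed sample data: two independent sites, each with its own key
$siteKeyA = generateKey();
$siteKeyB = generateKey();
$cookie   = signValue('lang=en', $siteKeyA);

// Untouched cookie checked with the key that signed it
var_dump(verifyValue($cookie, $siteKeyA));

// Payload changed after signing: the MAC no longer matches
var_dump(verifyValue(str_replace('lang=en', 'lang=de', $cookie), $siteKeyA));

// Same cookie checked on a site that uses a different key
var_dump(verifyValue($cookie, $siteKeyB));

// Value sent without any signature
var_dump(verifyValue('lang=en', $siteKeyA));
```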

You can read more about the security impact of this option in the security guide.