stuggling to properly set the httponly cookie headers

[karmadelmoayor]

Hello OPNsensers,

I created a small nginx-based web application for my last I.T class homework.

During the login process, I declare a few primary sessions in my code such as:

$_SESSION['user']=$user;

Then I declared the cookie set header right underneath such as

setcookie("user", $user, ['httponly' => true, 'samesite'=>'Strict']);

But for sure I'm doing something wrong .

When I checked other web application it show something like this:

set-cookie
b=nil;max-age=0;path=/;domain=nameofthewebsite.com

In my case, in display something like this :

Cookie
PHPSESSID=d9peo0453gog94jtn94jgn949 - user=username

This shows as well: Upgrade-Insecure-Request 1

Can someone guide me out please to make sure my web application is secured enough please ?

It should not be such a big deal I guess