diff --git a/app-code/api/utils/security.php b/app-code/api/utils/security.php
index 3d6d318..7fcc0af 100644
--- a/app-code/api/utils/security.php
+++ b/app-code/api/utils/security.php
@@ -1,19 +1,25 @@ '/',
+ 'secure' => true,
+ 'httponly' => true,
+ 'samesite' => 'Lax',
+ ], $overrides);
+}
+
 function secure_session_start(): void
 {
 if (session_status() === PHP_SESSION_ACTIVE) {
 return;
 }
- session_set_cookie_params([
+ session_set_cookie_params(secure_cookie_options([
 'lifetime' => 0,
- 'path' => '/',
 'domain' => '',
- 'secure' => true,
- 'httponly' => true,
- 'samesite' => 'Lax',
- ]);
+ ]));
 session_start();
 }
@@ -242,13 +248,9 @@ function clear_rate_limit(mysqli $conn, string $bucket, string $identifier = '')
 function set_secure_cookie(string $name, string $value, int $expires): void
 {
- setcookie($name, $value, [
+ setcookie($name, $value, secure_cookie_options([
 'expires' => $expires,
- 'path' => '/',
- 'secure' => true,
- 'httponly' => true,
- 'samesite' => 'Lax',
- ]);
+ ]));
 }
 function delete_cookie(string $name): void
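Review bot: In `secure_cookie_options()` the hardened defaults come before `$overrides` in the call that closes with `], $overrides);`, so a caller can pass `'secure' => false`, `'httponly' => false` or `'samesite' => 'None'` and silently get a weaker cookie from a helper whose name promises the opposite. The opening of that call is cut off on this page; this assumes it is `array_merge`, where later arguments win. Applying the protective flags last keeps them non-negotiable, e.g. `return array_merge(['path' => '/'], $overrides, ['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);`. If a caller must be able to relax `samesite`, allow only that key and say so in a docblock on the helper, which the visible part of the hunk does not have.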
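Review bot: `delete_cookie()` starts on the last line of this hunk and its body is outside it, so it is not visible whether it was moved onto `secure_cookie_options()` along with `set_secure_cookie()`. A browser drops a cookie only when the expiring `Set-Cookie` matches the path and domain it was issued with, so if the two functions keep separate attribute lists a later change to the shared defaults can leave session or auth cookies behind after logout. If it still carries its own literal array, build it from the helper as well, for example `setcookie($name, '', secure_cookie_options(['expires' => time() - 3600]));`.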