Optional
domainOptional
httpFlags the cookie to be accessible only by the web server.
Passed to the Response cookie as httponly
.
Defaults to true
.
Optional
pathPath for the cookie.
Passed to the Response cookie as path
Optional
sameValue of the SameSite Set-Cookie attribute.
Passed to the Response cookie as samesite
.
Defaults to "Lax" but will be adjusted based on AuthorizationParameters.response_type.
When setting to 'None' (uncommon), you should implement CSRF protection on your own routes
Optional
secureMarks the cookie to be used over secure channels only.
Passed to the Response cookie as secure
.
Defaults to the protocol of ConfigParams.baseURL.
Optional
transientSet to true to use a transient cookie (cookie without an explicit expiration).
Default is false
Domain name for the cookie. Passed to the Response cookie as
domain