Interface CookieConfigParams

Hierarchy

  • CookieConfigParams

Properties

domain?: string

Domain name for the cookie. Passed to the Response cookie as domain

httpOnly?: boolean

Flags the cookie to be accessible only by the web server. Passed to the Response cookie as httponly. Defaults to true.

path?: string

Path for the cookie. Passed to the Response cookie as path

sameSite?: string

Value of the SameSite Set-Cookie attribute. Passed to the Response cookie as samesite. Defaults to "Lax" but will be adjusted based on AuthorizationParameters.response_type. When setting to 'None' (uncommon), you should implement CSRF protection on your own routes

secure?: boolean

Marks the cookie to be used over secure channels only. Passed to the Response cookie as secure. Defaults to the protocol of ConfigParams.baseURL.

transient?: boolean

Set to true to use a transient cookie (cookie without an explicit expiration). Default is false