Optional
domain
Domain name for the cookie.
You can also use the AUTH0_COOKIE_DOMAIN environment variable.
Flags the cookie to be accessible only by the web server.
Defaults to true.
You can also use the AUTH0_COOKIE_HTTP_ONLY environment variable.
Optional
path
Path for the cookie.
Defaults to /.
You should change this to be more restrictive if your application shares a domain with other apps.
You can also use the AUTH0_COOKIE_PATH environment variable.
Value of the SameSite Set-Cookie attribute.
Defaults to lax but will be adjusted based on response_type.
You can also use the AUTH0_COOKIE_SAME_SITE environment variable.
Optional
secure
Marks the cookie to be used over secure channels only.
Defaults to the protocol of baseURL.
You can also use the AUTH0_COOKIE_SECURE environment variable.
Set to true to use a transient cookie (cookie without an explicit expiration).
Defaults to false.
You can also use the AUTH0_COOKIE_TRANSIENT environment variable.
Configure how the session cookie and transient cookies are stored.
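A pre-deployment check for the cookie settings described above, as an added example that is not part of the SDK or of the original page. The functions `resolveCookieConfig` and `auditCookieConfig` are hypothetical helpers; the example assumes boolean variables are given as the strings "true"/"false" and that `baseURL` is passed in by the caller.

```javascript
// Added example: resolves the cookie settings from AUTH0_COOKIE_* variables
// using the defaults documented above, then reports risky combinations.
// Assumption: booleans arrive as the strings "true"/"false".
function resolveCookieConfig(env, baseURL) {
  const bool = (v, dflt) => (v === undefined ? dflt : String(v).toLowerCase() === "true");
  return {
    domain: env.AUTH0_COOKIE_DOMAIN,                       // no default
    httpOnly: bool(env.AUTH0_COOKIE_HTTP_ONLY, true),      // defaults to true
    path: env.AUTH0_COOKIE_PATH || "/",                    // defaults to /
    // Defaults to lax; the adjustment based on response_type is not modelled.
    sameSite: (env.AUTH0_COOKIE_SAME_SITE || "lax").toLowerCase(),
    // Defaults to the protocol of baseURL.
    secure: bool(env.AUTH0_COOKIE_SECURE, new URL(baseURL).protocol === "https:"),
    transient: bool(env.AUTH0_COOKIE_TRANSIENT, false),    // defaults to false
  };
}

function auditCookieConfig(cfg) {
  const findings = [];
  if (!cfg.httpOnly) findings.push("httpOnly=false: page scripts can read the session cookie");
  if (!cfg.secure) findings.push("secure=false: cookie is sent over plain HTTP");
  if (cfg.sameSite === "none" && !cfg.secure)
    findings.push("sameSite=none without secure: modern browsers reject the cookie");
  if (cfg.domain && cfg.path === "/")
    findings.push("domain set with path=/: cookie reaches every app on that domain");
  return findings;
}

// Constructed sample environments (not taken from any real deployment).
const weakEnv = {
  AUTH0_COOKIE_DOMAIN: "example.com",
  AUTH0_COOKIE_HTTP_ONLY: "false",
  AUTH0_COOKIE_SAME_SITE: "none",
  AUTH0_COOKIE_SECURE: "false",
};
const hardenedEnv = { AUTH0_COOKIE_PATH: "/app", AUTH0_COOKIE_SAME_SITE: "strict" };

console.log(auditCookieConfig(resolveCookieConfig(weakEnv, "https://app.example.com")));
console.log(auditCookieConfig(resolveCookieConfig(hardenedEnv, "https://app.example.com")));
```

Running the check in CI against the deployment environment catches an overridden default before the session cookie is issued with it.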