Interface CookieConfig

Domain name for the cookie. You can also use the AUTH0_COOKIE_DOMAIN environment variable.

Flags the cookie to be accessible only by the web server. Defaults to true. You can also use the AUTH0_COOKIE_HTTP_ONLY environment variable.

Path for the cookie. Defaults to /. You should change this to be more restrictive if you application shares a domain with other apps. You can also use the AUTH0_COOKIE_PATH environment variable.

Value of the SameSite Set-Cookie attribute. Defaults to lax but will be adjusted based on response_type. You can also use the AUTH0_COOKIE_SAME_SITE environment variable.

Marks the cookie to be used over secure channels only. Defaults to the protocol of baseURL. You can also use the AUTH0_COOKIE_SECURE environment variable.

Set to true to use a transient cookie (cookie without an explicit expiration). Defaults to false. You can also use the AUTH0_COOKIE_TRANSIENT environment variable.