Interface CookieConfig

Configure how the session cookie and transient cookies are stored.

Hierarchy

  • CookieConfig

Properties

domain?: string

Domain name for the cookie. You can also use the AUTH0_COOKIE_DOMAIN environment variable.

httpOnly: boolean

Flags the cookie as accessible only by the web server, so it is not exposed to client-side JavaScript. Defaults to true. You can also use the AUTH0_COOKIE_HTTP_ONLY environment variable.

path?: string

Path for the cookie. Defaults to /. You should change this to be more restrictive if your application shares a domain with other apps. You can also use the AUTH0_COOKIE_PATH environment variable.

sameSite: "lax" | "strict" | "none"

Value of the SameSite Set-Cookie attribute. Defaults to lax but will be adjusted based on response_type. You can also use the AUTH0_COOKIE_SAME_SITE environment variable.

secure?: boolean

Marks the cookie to be used over secure channels only. Defaults to the protocol of baseURL. You can also use the AUTH0_COOKIE_SECURE environment variable.

transient: boolean

Set to true to use a transient cookie (cookie without an explicit expiration). Defaults to false. You can also use the AUTH0_COOKIE_TRANSIENT environment variable.
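
The following added example (not part of the SDK or its documentation) resolves the defaults described above and lists the settings that weaken the session cookie. The interface is a local mirror of the properties on this page; `resolveCookieConfig`, `auditCookieConfig` and the `sharedDomain` flag are hypothetical names, and the inputs are constructed.

```typescript
// Added example. Local mirror of the properties documented on this page;
// it is not imported from the SDK.
interface CookieConfig {
  domain?: string;
  httpOnly: boolean;
  path?: string;
  sameSite: "lax" | "strict" | "none";
  secure?: boolean;
  transient: boolean;
}

// Hypothetical helper: fill in the defaults this page states.
// `secure` defaults to the protocol of baseURL.
function resolveCookieConfig(cfg: Partial<CookieConfig>, baseURL: string): CookieConfig {
  const https = /^https:\/\//i.test(baseURL);
  return { httpOnly: true, path: "/", sameSite: "lax", secure: https, transient: false, ...cfg };
}

// Hypothetical helper: list settings that weaken the session cookie.
// `sharedDomain` is an assumption supplied by the caller: true when other
// apps are served from the same domain.
function auditCookieConfig(cfg: Partial<CookieConfig>, baseURL: string, sharedDomain = false): string[] {
  const c = resolveCookieConfig(cfg, baseURL);
  const https = /^https:\/\//i.test(baseURL);
  const findings: string[] = [];
  if (!c.httpOnly) findings.push("httpOnly: cookie is readable from client-side script");
  if (https && !c.secure) findings.push("secure: cookie may be sent over plain HTTP");
  if (c.sameSite === "none" && !c.secure) findings.push("sameSite: 'none' without secure is rejected by current browsers");
  if (sharedDomain && c.path === "/") findings.push("path: '/' sends the cookie to the other apps on this domain");
  if (c.domain) findings.push("domain: cookie is also sent to subdomains of " + c.domain);
  return findings;
}

// Constructed sample inputs.
const hardened = auditCookieConfig({ sameSite: "lax", path: "/portal" }, "https://app.example.com", true);
const weak = auditCookieConfig(
  { httpOnly: false, secure: false, sameSite: "none", domain: "example.com" },
  "https://app.example.com",
  true
);
console.log(hardened); // no findings
console.log(weak);     // five findings
```
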