CookieConfigParams | express-openid-connect

Properties

Optional domain

domain?: string

Domain name for the cookie. Passed to the Response cookie as domain.

Optional httpOnly

httpOnly?: boolean

Flags the cookie to be accessible only by the web server. Passed to the Response cookie as httponly. Defaults to true.

Optional path

path?: string

Optional sameSite

sameSite?: string

Value of the SameSite Set-Cookie attribute. Passed to the Response cookie as samesite. Defaults to "Lax" but will be adjusted based on AuthorizationParameters.response_type. Setting it to 'None' is uncommon; if you do, you should implement CSRF protection on your own routes.

Optional secure

secure?: boolean

Marks the cookie to be used over secure channels only. Passed to the Response cookie as secure. Defaults to the protocol of ConfigParams.baseURL.

Optional transient

transient?: boolean

Set to true to use a transient cookie (a cookie without an explicit expiration). Defaults to false.
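
The following is an added example, not code from express-openid-connect: a small review helper that resolves the defaults documented above and flags cookie settings that weaken the session cookie. The function names resolveCookieConfig and auditCookieConfig and the sample values are assumptions, and the response_type-based adjustment of sameSite is not modelled.

```javascript
// Added example: audit helper, not part of express-openid-connect.
// resolveCookieConfig and auditCookieConfig are hypothetical names.

// Apply the defaults documented above. The response_type-based adjustment
// of sameSite is not modelled here.
function resolveCookieConfig(cookie = {}, baseURL) {
  return {
    domain: cookie.domain,
    path: cookie.path,
    httpOnly: cookie.httpOnly ?? true,
    sameSite: cookie.sameSite ?? 'Lax',
    secure: cookie.secure ?? (new URL(baseURL).protocol === 'https:'),
    transient: cookie.transient ?? false,
  };
}

// Return the effective settings plus a list of findings worth reviewing.
function auditCookieConfig(cookie, baseURL) {
  const effective = resolveCookieConfig(cookie, baseURL);
  const findings = [];
  if (!effective.httpOnly) {
    findings.push('httpOnly=false: cookie is readable by page scripts');
  }
  if (!effective.secure) {
    findings.push('secure=false: cookie can travel over plain HTTP');
  }
  if (String(effective.sameSite).toLowerCase() === 'none') {
    findings.push('sameSite=None: implement CSRF protection on your own routes');
    if (!effective.secure) {
      findings.push('sameSite=None without secure: current browsers reject the cookie');
    }
  }
  if (effective.domain) {
    findings.push(`domain=${effective.domain}: cookie is also sent to subdomains`);
  }
  return { effective, findings };
}

// Constructed sample configurations (values are illustrative only).
const samples = [
  { name: 'defaults over https', cookie: {}, baseURL: 'https://app.example.test' },
  { name: 'weak', cookie: { httpOnly: false, sameSite: 'None', domain: 'example.test' },
    baseURL: 'http://app.example.test' },
];
for (const s of samples) {
  console.log(s.name, auditCookieConfig(s.cookie, s.baseURL).findings);
}
```

Running the audit in CI against the object you pass as the session cookie configuration catches a weakened setting before it reaches production.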