config properties session properties cookie
v1.3.2
object (Details)

Property | Type | Required | Nullable | Defined by |
---|---|---|---|---|
domain | string | Optional | cannot be null | Config |
http_only | boolean | Optional | cannot be null | Config |
name | string | Optional | cannot be null | Config |
retention | string | Optional | cannot be null | Config |
same_site | string | Optional | cannot be null | Config |
secure | boolean | Optional | cannot be null | Config |

domain

domain is the domain the cookie will be bound to. Works for subdomains, but not cross-domain.
See the session.enable_auth_token_header configuration instead if the API and the client application run on different domains.

- is optional
- cannot be null
- Type: string

The default value is: "hanko"

http_only

http_only determines whether cookies are HTTP only or accessible by JavaScript.

- is optional
- cannot be null
- Type: boolean

The default value is: true

name

name is the name of the cookie.

- is optional
- cannot be null
- Type: string

The default value is: "hanko"

retention

retention determines the retention behavior of authentication cookies.

- is optional
- cannot be null
- Type: string

enum: the value of this property must be equal to one of the following values:

Value | Explanation |
---|---|
"session" | Issues a temporary cookie that lasts for the duration of the browser session. |
"persistent" | Issues a cookie that remains stored on the user's device until it reaches its expiration date. |
"prompt" | Allows the user to choose whether to stay signed in. If the user selects 'Stay signed in', a persistent cookie is issued; a session cookie otherwise. |

The default value is: "persistent"

same_site

same_site controls whether a cookie is sent with cross-site requests.
See here for more details.

- is optional
- cannot be null
- Type: string

enum: the value of this property must be equal to one of the following values:

Value | Explanation |
---|---|
"strict" | |
"lax" | |
"none" | |

The default value is: "strict"

secure

secure indicates whether the cookie is sent to the server only when a request is made with the https: scheme (except on localhost).

NOTE: secure must be set to false when working on localhost and with the Safari browser because it does not store secure cookies on localhost.

- is optional
- cannot be null
- Type: boolean

The default value is: true
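
The following added example (not Hanko's own code) shows how the six properties above could map onto Set-Cookie attributes using Go's net/http, and rejects enum values and combinations that would not produce a usable cookie. CookieConfig, BuildCookie, lifetime and staySignedIn are hypothetical names assumed for the illustration, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"time"
)

// CookieConfig mirrors the six session.cookie properties documented above.
// The type is hypothetical (an assumption of this example), not Hanko's own.
type CookieConfig struct {
	Domain, Name, Retention, SameSite string
	HTTPOnly, Secure                  bool
}

// BuildCookie validates the enums and returns the cookie a server would set.
// lifetime and staySignedIn are assumed inputs that the page does not define.
func BuildCookie(c CookieConfig, token string, lifetime time.Duration, staySignedIn bool) (*http.Cookie, error) {
	modes := map[string]http.SameSite{
		"strict": http.SameSiteStrictMode,
		"lax":    http.SameSiteLaxMode,
		"none":   http.SameSiteNoneMode,
	}
	mode, ok := modes[c.SameSite]
	if !ok {
		return nil, fmt.Errorf("same_site: %q is not strict, lax or none", c.SameSite)
	}
	if mode == http.SameSiteNoneMode && !c.Secure {
		return nil, fmt.Errorf("same_site none requires secure: true (browsers drop the cookie otherwise)")
	}
	switch c.Retention {
	case "session", "persistent", "prompt":
	default:
		return nil, fmt.Errorf("retention: %q is not session, persistent or prompt", c.Retention)
	}
	ck := &http.Cookie{Name: c.Name, Value: token, Domain: c.Domain, Path: "/",
		HttpOnly: c.HTTPOnly, Secure: c.Secure, SameSite: mode}
	// Without Max-Age or Expires the browser keeps the cookie for the session only.
	if c.Retention == "persistent" || (c.Retention == "prompt" && staySignedIn) {
		ck.MaxAge = int(lifetime.Seconds())
	}
	return ck, nil
}

func main() {
	cfg := CookieConfig{Domain: "example.com", Name: "hanko", Retention: "prompt", SameSite: "strict", HTTPOnly: true, Secure: true}
	ck, err := BuildCookie(cfg, "constructed-token", 12*time.Hour, false)
	fmt.Println(ck, err) // constructed sample values
}
```

With retention set to "prompt" and the user declining to stay signed in, the resulting header carries HttpOnly, Secure and SameSite=Strict but no Max-Age, so the browser discards the cookie when the session ends.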