
Interface UserSessionCookiesOptions

Hierarchy

  • UserSessionCookiesOptions

Properties

Optional Readonly domain

domain: string

Domain attribute value used for all user session cookies.
Defaults to Domain attribute not being set.

Readonly name

name: object

Cookie names.

Type declaration

  • Readonly payload: string

    Name of the cookie where JWT header.payload part is stored.
    Name needs to be in lowercase.

  • Readonly refresh: string

    Name of the cookie where Refresh Token is stored.
    Name needs to be in lowercase.

  • Readonly signature: string

    Name of the cookie where JWT signature part is stored.
    Name needs to be in lowercase.

Readonly path

path: object

Cookie Path attribute value.

Type declaration

  • Optional Readonly access-payload?: string

    Path for the UserSessionCookiesOptions.name.payload cookie.
    Defaults to Path attribute not being set.

  • Optional Readonly access-signature?: string

    Path for the UserSessionCookiesOptions.name.signature cookie.
    Defaults to Path attribute not being set.

  • Readonly refresh: string

    Path for the UserSessionCookiesOptions.name.refresh cookie.
    Refresh tokens are used for session refresh and delete, therefore this cookie needs a very restrictive path which covers only these two operations, in order to minimize token exposure.

    Example: /session path with PUT and DELETE verbs.

Readonly persistentAccessToken

persistentAccessToken: boolean

Whether access token cookie(s) need to be persisted in the browser.
When set to:
- true - sets the Max-Age attribute, which makes the browser persist the cookie for the specified amount of time
- false - sets neither the Max-Age nor the Expires attribute, which makes the browser not persist the cookie

Readonly sameSite

sameSite: boolean | "lax" | "strict" | "none"

SameSite attribute value used for all user session cookies.
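
The following is an added example, not the library's own code: it mirrors the interface locally, checks the documented constraints, and shows which Set-Cookie attributes result from a given options object when a JWT is split into header.payload and signature cookies. The names validateOptions, serialize, buildSessionCookies, accessTtlSeconds and sampleOptions are hypothetical; the boolean handling of sameSite and the reading of "restrictive path" are assumptions noted in the comments, and no lifetime is set on the refresh cookie because the page does not describe one.

```typescript
// Local mirror of the documented interface (added example, not the library's source).
interface UserSessionCookiesOptions {
  readonly domain?: string;
  readonly name: { readonly payload: string; readonly signature: string; readonly refresh: string };
  readonly path: { readonly "access-payload"?: string; readonly "access-signature"?: string; readonly refresh: string };
  readonly persistentAccessToken: boolean;
  readonly sameSite: boolean | "lax" | "strict" | "none";
}

// Returns the documented rules the options break; an empty array means none.
function validateOptions(o: UserSessionCookiesOptions): string[] {
  const problems: string[] = [];
  const names: Array<[string, string]> = [["payload", o.name.payload], ["signature", o.name.signature], ["refresh", o.name.refresh]];
  for (const [key, value] of names) if (value !== value.toLowerCase()) problems.push("name." + key + " must be lowercase");
  // Assumption: "very restrictive" is read as "not empty and not the site root".
  if (o.path.refresh === "" || o.path.refresh === "/") problems.push("path.refresh is not restrictive");
  return problems;
}

// Serializes one cookie, emitting only the attributes the options ask for.
function serialize(name: string, value: string, o: UserSessionCookiesOptions, path?: string, maxAge?: number): string {
  const parts = [name + "=" + value];
  if (o.domain !== undefined) parts.push("Domain=" + o.domain);
  if (path !== undefined) parts.push("Path=" + path);
  if (maxAge !== undefined) parts.push("Max-Age=" + maxAge);
  // Assumption: true means Strict and false omits SameSite (npm "cookie" package convention).
  const sameSite = o.sameSite === true ? "strict" : o.sameSite;
  if (sameSite !== false) parts.push("SameSite=" + sameSite.charAt(0).toUpperCase() + sameSite.slice(1));
  return parts.join("; ");
}

// Builds the Set-Cookie values for one session: payload, signature, refresh.
function buildSessionCookies(o: UserSessionCookiesOptions, jwt: string, refreshToken: string, accessTtlSeconds: number): string[] {
  if (validateOptions(o).length > 0) throw new Error(validateOptions(o).join("; "));
  const cut = jwt.lastIndexOf("."); // header.payload | signature
  if (cut <= 0) throw new Error("not a compact JWT");
  // Max-Age only when access cookies are persistent; otherwise they end with the browser session.
  const maxAge = o.persistentAccessToken ? accessTtlSeconds : undefined;
  return [
    serialize(o.name.payload, jwt.slice(0, cut), o, o.path["access-payload"], maxAge),
    serialize(o.name.signature, jwt.slice(cut + 1), o, o.path["access-signature"], maxAge),
    serialize(o.name.refresh, refreshToken, o, o.path.refresh),
  ];
}

// Constructed sample options; cookie names and path are illustrative.
const sampleOptions: UserSessionCookiesOptions = {
  name: { payload: "pld", signature: "sig", refresh: "rfsh" }, path: { refresh: "/session" },
  persistentAccessToken: false, sameSite: "strict",
};
```

With path.refresh set to /session the browser attaches the refresh cookie only to requests under that path, while the two access cookies carry no Path attribute.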