Skip to content
oidc-provider
Search limited to v8.x. Switch to the latest version for up-to-date results.

Cookies

This content is for v8.x. Switch to the latest version for up-to-date documentation.

cookies

Section titled “cookies”

Options for the cookie module used to keep track of various User-Agent states. The options maxAge and expires are ignored. Use ttl.Session and ttl.Interaction to configure the ttl and in turn the cookie expiration values for Session and Interaction models.

cookies.keys

Section titled “cookies.keys”

Keygrip Signing keys used for cookie signing to prevent tampering. You may also pass your own KeyGrip instance.

recommendation: Rotate regularly (by prepending new keys) with a reasonable interval and keep a reasonable history of keys to allow for returning user session cookies to still be valid and re-signed

default value:

[]

cookies.long

Section titled “cookies.long”

Options for long-term cookies

recommendation: set cookies.keys and cookies.long.signed = true

default value:

{
  httpOnly: true,
  sameSite: 'none'
}

cookies.names

Section titled “cookies.names”

Cookie names used to store and transfer various states.

default value:

{
  interaction: '_interaction',
  resume: '_interaction_resume',
  session: '_session'
}

cookies.short

Section titled “cookies.short”

Options for short-term cookies

recommendation: set cookies.keys and cookies.short.signed = true

default value:

{
  httpOnly: true,
  sameSite: 'lax'
}