|
Object containing default options to pass when setting cookies.
The object may have the following properties:
- path - {string} - The cookie will be available only for this path and its
  sub-paths. By default, this is the URL that appears in your <base> tag.
- domain - {string} - The cookie will be available only for this domain and
  its sub-domains. For security reasons the user agent will not accept the cookie
  if the current domain is not a sub-domain of this domain or equal to it.
- expires - {string|Date} - String of the form "Wdy, DD Mon YYYY HH:MM:SS GMT"
  or a Date object indicating the exact date/time this cookie will expire.
- secure - {boolean} - If true, then the cookie will only be available through a
  secured connection.
- samesite - {string} - Prevents the browser from sending the cookie along with
  cross-site requests. Accepts the values lax and strict. See the OWASP Wiki
  for more info. Note that as of May 2018, not all browsers support SameSite,
  so it cannot be used as a single measure against Cross-Site-Request-Forgery (CSRF) attacks.
Note: By default, the address that appears in your <base> tag will be used as the path.
This is important so that cookies will be visible for all routes when html5mode is enabled.
|
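How the options above end up in a cookie string, as an added example (not AngularJS source code). The helpers `domainMatches` and `buildCookieString` and the `DEFAULTS` values are hypothetical names and constructed sample values; the code merges per-call options over the defaults, rejects a domain the current host does not belong to, and accepts only lax or strict for samesite, as this page describes.

```javascript
'use strict';

// Constructed sample defaults in the shape documented above (assumed values).
const DEFAULTS = { path: '/app/', secure: true, samesite: 'strict' };

// True when host equals domain or is a sub-domain of it.
function domainMatches(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Hypothetical helper: merge options over DEFAULTS and render the cookie string.
function buildCookieString(name, value, options, currentHost) {
  const opts = Object.assign({}, DEFAULTS, options);
  if (opts.domain && !domainMatches(currentHost, opts.domain)) {
    throw new Error('user agent would reject domain ' + opts.domain);
  }
  const sameSite = opts.samesite && String(opts.samesite).toLowerCase();
  if (sameSite && sameSite !== 'lax' && sameSite !== 'strict') {
    throw new Error('samesite accepts only lax or strict');
  }
  // expires may be a Date or a "Wdy, DD Mon YYYY HH:MM:SS GMT" string.
  const expires = typeof opts.expires === 'string' ? new Date(opts.expires) : opts.expires;
  if (expires && isNaN(expires.getTime())) throw new Error('invalid expires value');

  let str = encodeURIComponent(name) + '=' + encodeURIComponent(value);
  if (opts.path) str += ';path=' + opts.path;
  if (opts.domain) str += ';domain=' + opts.domain;
  if (expires) str += ';expires=' + expires.toUTCString();
  if (opts.secure) str += ';secure';
  if (sameSite) str += ';samesite=' + sameSite;
  return str;
}
```

A per-call `secure: false` overrides the default here, so the defaults object is a baseline rather than an enforced policy.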