-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Additional allowed cookieOptions #53
Additional allowed cookieOptions #53
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Giving developers the option to set expires
sounds like they should be configuring it, when in fact you'd only wanna use it to set it to 0 to get ephemeral cookies.
So why not call it ephemeral: true
in the first place?
I don't think I'd ever have a case where I want use maxAge
or expires
, because for duration, i have the duration configuration option and i always figure they should be aligned (cookie and the JWE expiration).
Please get rid of maxAge
as well as expires
, and just have one boolean to get the removed feature in 08e6702
Added `expires` allowed as null or 0 to set an ephemeral cookie (documented method of setting duration to 0 did not work). Also added `maxAge` as an additional way to set this cookie duration. If both are omitted, cookie expires defaults to appSessionDuration.
Description
ephemeral
flag toappSessionCookie
that, when true, will set theexpire
attribute for the session cookie to0
. Default value isfalse
, which will use theappSessionDuration
to set the cookie expiration.sameSite
value inappSessionCookie
toLax
. This does not change the behavior of thenonce
orstate
cookies.From the documentation:
References
Testing