CookieOptions
CookieOptions defines the shape of cookie configuration options used in the ThunderID Node.js SDK. Pass a CookieOptions object to getSessionCookieOptions to override the default cookie settings.
Interface
interface CookieOptions {
httpOnly?: boolean
maxAge?: number
sameSite?: boolean | 'lax' | 'strict' | 'none'
secure?: boolean
}
Properties
| Property | Type | Default | Description |
|---|---|---|---|
httpOnly | boolean | true | When true, the browser blocks JavaScript access to the cookie. Recommended to prevent cross-site scripting (XSS) attacks. |
maxAge | number | 3600 | The lifetime of the cookie in seconds. |
sameSite | boolean | 'lax' | 'strict' | 'none' | 'lax' | Controls how the cookie behaves in cross-origin requests. Use 'strict' for maximum security or 'none' (with secure: true) for cross-origin use cases. |
secure | boolean | true | When true, the browser only sends the cookie over HTTPS connections. |
Example
import { CookieOptions, getSessionCookieOptions } from '@thunderid/node'
const options: CookieOptions = {
httpOnly: true,
maxAge: 7200, // 2 hours
sameSite: 'strict',
secure: true,
}
const cookieOptions = getSessionCookieOptions(options)
Related
CookieConfig— Default values for cookie propertiesgetSessionCookieOptions()— Merges provided options with defaults
