Cookie configuration
Cookie settings are controlled by the following environment variables:
COOKIE_NAME: string
Unique sID of the cookie.
COOKIE_SECRET: string
This is the secret that's used to encrypt the data of the cookie. The session data itself is persisted in the database until logout happens or it simply expires.
COOKIE_DOMAIN: string
Defines the host to which the cookie will be sent.
Only the current domain can be set as the value, or a domain of a higher order, unless it is a public suffix. Setting the domain will make the cookie available to it, as well as to all its subdomains.
COOKIE_HTTP_ONLY: boolean
Forbids JavaScript from accessing the cookie, for example, through the Document.cookie property. Note that a cookie that has been created with HttpOnly will still be sent with JavaScript-initiated requests, for example, when calling XMLHttpRequest.send() or fetch(). This mitigates cross-site scripting (XSS) attacks.
SESSION_EXPIRATION_MSC: number
Number of milliseconds after which the session becomes invalid and requires a new authentication from the client/user.
COOKIE_SECURE: boolean
Indicates whether the cookie is sent to the server only when a request is made with the https: scheme, which makes it more resistant to man-in-the-middle attacks.
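A pre-deployment check over these six variables, as an added example that is not part of the original documentation or the project's code. It assumes booleans are supplied as the strings true/false; the appHost parameter, the 32-character secret minimum and the 24-hour session ceiling are hypothetical policy choices.

```javascript
// Added example, not the project's code: audit the cookie variables documented above.
// Assumptions: booleans arrive as the strings "true"/"false"; thresholds are sample policy.
const MIN_SECRET_LENGTH = 32;
const MAX_SESSION_MS = 24 * 60 * 60 * 1000;

// Constructed sample inputs (not real deployment values).
const WEAK_ENV = {
  COOKIE_NAME: 'sid', COOKIE_SECRET: 'changeme', COOKIE_DOMAIN: 'example.com',
  COOKIE_HTTP_ONLY: 'false', SESSION_EXPIRATION_MSC: '3600', COOKIE_SECURE: 'false',
};
const HARDENED_ENV = {
  COOKIE_NAME: 'sid', COOKIE_SECRET: 'constructed-sample-secret-0123456789abcdef',
  COOKIE_DOMAIN: 'app.example.com', COOKIE_HTTP_ONLY: 'true',
  SESSION_EXPIRATION_MSC: '3600000', COOKIE_SECURE: 'true',
};

// appHost (hypothetical parameter): the hostname the application is served from.
function auditCookieEnv(env, appHost) {
  const findings = [];
  const flag = (name) => String(env[name] ?? '').trim().toLowerCase() === 'true';

  if (!env.COOKIE_NAME) findings.push('COOKIE_NAME is not set');
  if ((env.COOKIE_SECRET ?? '').length < MIN_SECRET_LENGTH) {
    findings.push(`COOKIE_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
  }
  if (!flag('COOKIE_HTTP_ONLY')) findings.push('COOKIE_HTTP_ONLY is not true: scripts can read the cookie');
  if (!flag('COOKIE_SECURE')) findings.push('COOKIE_SECURE is not true: cookie is also sent over http:');

  const ms = Number(env.SESSION_EXPIRATION_MSC);
  if (!Number.isInteger(ms) || ms <= 0) {
    findings.push('SESSION_EXPIRATION_MSC is not a positive integer');
  } else if (ms < 60 * 1000) {
    findings.push('SESSION_EXPIRATION_MSC is under one minute: was the value given in seconds?');
  } else if (ms > MAX_SESSION_MS) {
    findings.push('SESSION_EXPIRATION_MSC exceeds the 24 hour policy ceiling');
  }

  // A domain value covers that host and all of its subdomains.
  const domain = (env.COOKIE_DOMAIN ?? '').replace(/^\./, '').toLowerCase();
  if (domain && domain !== appHost) {
    findings.push(appHost.endsWith('.' + domain)
      ? `COOKIE_DOMAIN=${domain} is a parent of ${appHost}: sibling subdomains also receive the cookie`
      : `COOKIE_DOMAIN=${domain} does not cover ${appHost}: the browser will reject the cookie`);
  }
  return findings;
}

console.log(auditCookieEnv(WEAK_ENV, 'app.example.com'));
```

Calling auditCookieEnv(process.env, host) at startup or in CI returns an empty array when every setting passes.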