Default of whether the cookie has the HttpOnly flag set. More info: https://www.owasp.org/index.php/HttpOnly
Default of whether the cookie has the 'secure' flag set to allow transmission over https only. More info: https://www.owasp.org/index.php/SecureFlag
Default of whether the session should be created lazily.
Default of whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS
Default min length for a session id. More info: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
Default name of session cookie
Default path of session cookie
Default time, in ms, that a session lasts for without being accessed before expiring.
Flush a context session to the store early. This gives the end user full control in the event of a failure at the store level. Once a session is flushed, no automatic save is performed at the end of the request.
Create a new session
Sets whether the 'HttpOnly' flag should be set for the session cookie. When set, this flag instructs browsers to prevent JavaScript access to the cookie. Used as a line of defence against the most common XSS attacks.
Set a max-age on the session cookie. When this is set, the cookie persists across browser restarts. This can be dangerous, as closing a browser window does not invalidate the session. For more information refer to https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#Expire_and_Max-Age_Attributes
Set the session cookie SameSite policy to use.
Sets whether the 'secure' flag should be set for the session cookie. When set, this flag instructs browsers to only send the cookie over HTTPS. Note that this will probably stop your sessions working if used without HTTPS (e.g. in development).
Use sessions based on URL paths instead of cookies. This is a potentially less safe alternative to cookies, but it offers an option when cookies are not desired, for example to avoid showing banners on a website due to cookie laws, or for machine-to-machine operations where state must be maintained.
Use a lazy session creation mechanism. The session will only be created when accessed from the context. Thus the session cookie is set only if the session was accessed.
Set expected session id minimum length.
Set whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS
Set the session cookie name
Set the session cookie path
Set the session timeout
Set the user for the session
Create a session handler
A handler that maintains a Session for each browser session.
It looks up the session for each request based on a session cookie which contains a session ID. When the response ends, it stores the session in the session store.
The session is available on the routing context with .
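
The cookie settings described above (HttpOnly, secure, SameSite, max-age, minimum session id length) can be checked from the outside by auditing the Set-Cookie header a deployment actually emits. The following is an added example, not code from this API or its project; the function names, the cookie name `app.session`, the minimum length of 16 and the sample headers are assumptions constructed for illustration.

```javascript
// Added example: audits a session Set-Cookie header against the attributes
// this page documents. All names and sample values here are constructed.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? '' : pair.slice(eq + 1),
    attrs: {},
  };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf('=');
    // Attribute names are case-insensitive; flags without a value map to true.
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// cookieName and minLength are supplied by the caller (assumed values).
// https says whether the site is served over HTTPS.
function auditSessionCookie(header, { cookieName, minLength, https = true }) {
  const c = parseSetCookie(header);
  if (c.name !== cookieName) return ['not-session-cookie'];
  const findings = [];
  if (!c.attrs.httponly) findings.push('missing-httponly');
  if (https && !c.attrs.secure) findings.push('missing-secure');
  // A secure cookie is never sent back over plain HTTP, so sessions break.
  if (!https && c.attrs.secure) findings.push('secure-without-https');
  const sameSite = String(c.attrs.samesite || '').toLowerCase();
  if (!['strict', 'lax', 'none'].includes(sameSite)) findings.push('missing-samesite');
  // Browsers reject SameSite=None cookies that are not also Secure.
  if (sameSite === 'none' && !c.attrs.secure) findings.push('samesite-none-without-secure');
  // Max-Age or Expires makes the cookie survive browser restarts.
  if ('max-age' in c.attrs || 'expires' in c.attrs) findings.push('persistent-cookie');
  if (c.value.length < minLength) findings.push('session-id-too-short');
  return findings;
}

// Constructed sample headers, not captured from a real service.
const SAMPLE_HARDENED =
  'app.session=3f9c1a7e5b2d4c6f8a0b1c2d3e4f5a6b; Path=/; HTTPOnly; Secure; SameSite=Strict';
const SAMPLE_WEAK = 'app.session=abc123; Path=/; Max-Age=2592000';
const POLICY = { cookieName: 'app.session', minLength: 16 };

console.log(auditSessionCookie(SAMPLE_HARDENED, POLICY));
console.log(auditSessionCookie(SAMPLE_WEAK, POLICY));
```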