...
Cookie | Support | Behaviour |
---|---|---|
HttpOnly | By default | The cookies are not going to be accesible from the JavaScript API. |
secure | Should be enabled by setting the configuration item "auth_secure_cookie" => "true" in opCommon.json. | This cookie could be sent just in a request ciphered over https protocol. That's the reason why it is not set by default. |
SameSite set to Strict | Supported since the following versions:
| The cookie set to strict means that the browser only sends the cookie if the request was made in the website that originally established the cookie. |
...