Sessions Properties

The Ioto web server supports server-side sessions that are indexed by a session cookie. Ioto creates the session cookie and manages the sessions. APIs are provided to get and set values in session state.

The default session cookie name is -web-session-. You can change this at build time by defining WEB_SESSION_COOKIE to be the cookie name of your choice.


Description Collection of session properties
Synopsis sessions: { "Sessions-Property": "Session-Value", ...}
Example sessions: { cookie: "-web-cookie-", enable: true, sameSite: "lax", },

sessions → enable

Description Controls whether to create session state for a request.
Synopsis enable: true|false
Example enable: true

sessions → sameSite

Description Sets the sameSite property in the cookie.
Synopsis sameSite: "Lax|None|Strict"
Example sameSite: "Lax"

The sameSite property sets the SameSite attribute of the Set-Cookie HTTP header. It may be set to "Lax" (the default), "None" or "Strict".

See MDN Set-Cookie SameSite for more information.


This property is an effective defense against cross-site request forgery (CSRF) attacks.
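To confirm that a deployed server emits the configured sameSite value, the Set-Cookie response headers can be audited. The following is an added example, not Ioto code: the function names and the sample header lines are constructed for illustration, and only the default cookie name and the three SameSite values come from this page.

```python
# Added example: audit the SameSite attribute on the session cookie.
# SESSION_COOKIE is the default name stated on this page; the header
# lines in SAMPLE_HEADERS are constructed for illustration.
SESSION_COOKIE = "-web-session-"
VALID = {"lax", "none", "strict"}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attr names lowercased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_session_cookie(headers, expected, cookie=SESSION_COOKIE):
    """Return findings for the session cookie; an empty list means it matches."""
    findings, seen = [], False
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if name != cookie:
            continue
        seen = True
        same_site = attrs.get("samesite")
        if same_site is None:
            findings.append("SameSite missing: browser default applies")
        elif same_site.lower() not in VALID:
            findings.append(f"SameSite={same_site} is not Lax, None or Strict")
        elif same_site.lower() != expected.lower():
            findings.append(f"SameSite={same_site} differs from configured {expected}")
        if (same_site or "").lower() == "none":
            findings.append("SameSite=None: sent on cross-site requests, no CSRF protection")
            if "secure" not in attrs:
                findings.append("SameSite=None without Secure: rejected by current browsers")
    if not seen:
        findings.append(f"no Set-Cookie for {cookie}")
    return findings


SAMPLE_HEADERS = [  # constructed sample response headers
    "-web-session-=abc123; Path=/; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
]
```

Attribute names and values are compared case-insensitively, so a configured value of "lax" matches an emitted SameSite=Lax.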

