Same as ClientSessionDirectives.invalidateSession), but also removes the remember me cookie and the remember me token (from the client and token store).
Same as ClientSessionDirectives.invalidateSession), but also removes the remember me cookie and the remember me token (from the client and token store).
Invalidate the session cookie
Invalidate the session cookie
Same as ClientSessionDirectives.optionalSession, but also tries to create a new session based on the remember me cookie, if no session is present.
Same as ClientSessionDirectives.optionalSession, but also tries to create a new session based on the remember me cookie, if no session is present.
Read an optional session from the session cookie.
Read an optional session from the session cookie.
Protects against CSRF attacks using a double-submit cookie.
Protects against CSRF attacks using a double-submit cookie. The cookie will be set on any GET
request which
doesn't have the token set in the header. For all other requests, the value of the token from the CSRF cookie must
match the value in the custom header (or request body, if checkFormBody
is true
).
Note that this scheme can be broken when not all subdomains are protected or not using HTTPS and secure cookies, and the token is placed in the request body (not in the header).
See the documentation for more details.
Same as ClientSessionDirectives.requiredSession, but also tries to create a new session based on the remember me cookie, if no session is present.
Same as ClientSessionDirectives.requiredSession, but also tries to create a new session based on the remember me cookie, if no session is present.
Read a required session from the session cookie.
Read a required session from the session cookie.
Same as ClientSessionDirectives.setSession, plus also generates a new remember me token (removing old ones) and stores it in the remember me cookie.
Same as ClientSessionDirectives.setSession, plus also generates a new remember me token (removing old ones) and stores it in the remember me cookie.
Set the session cookie with the session content.
Set the session cookie with the session content. The content is signed, optionally encrypted and with an optional expiry date.
Same as ClientSessionDirectives.touchOptionalSession; if the user session is already present, keeps the same remember me token if one is present.
Same as ClientSessionDirectives.touchOptionalSession; if the user session is already present, keeps the same remember me token if one is present.
Sets the session cookie again with the same data.
Sets the session cookie again with the same data. Useful when using the SessionConfig.clientSessionMaxAgeSeconds option, as it sets the expiry date anew.
Same as ClientSessionDirectives.touchRequiredSession; if the user session is already present, keeps the same remember me token if one is present.
Same as ClientSessionDirectives.touchRequiredSession; if the user session is already present, keeps the same remember me token if one is present.
Sets the session cookie again with the same data.
Sets the session cookie again with the same data. Useful when using the SessionConfig.clientSessionMaxAgeSeconds option, as it sets the expiry date anew.