Cookies and Https

SuperTokens ensures that cookies are secured by enabling the secure flag when generating session cookies.

When set, the secure attribute restricts the cookie to secure origins: the browser attaches it only to requests transmitted over HTTPS. This, in turn, prevents cookie theft via man-in-the-middle attacks.

Important: If not explicitly set, SuperTokens automatically determines the value of the secure attribute based on whether your API domain uses http or https.

Explicitly setting the secure attribute

import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";

SuperTokens.init({
    supertokens: {
        connectionURI: "...",
    },
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            // Force the secure attribute on session cookies instead of
            // letting it be derived from the apiDomain scheme.
            cookieSecure: true,
        })
    ]
});
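
To confirm the setting took effect, you can audit the Set-Cookie headers your API returns. The following is an added example, not SuperTokens code: the function names, the sample header values and the domains are constructed for illustration, and it assumes apiDomain is written with its scheme.

```javascript
// Constructed sample Set-Cookie header values (not captured from a real deployment).
const SAMPLE_HEADERS = [
  "sAccessToken=abc; Path=/; HttpOnly; Secure; SameSite=Lax",
  "sRefreshToken=def; Path=/auth/session/refresh; HttpOnly; SameSite=Lax",
  "theme=secure; Path=/", // the VALUE is "secure", the attribute is absent
  "legacy=1; secure",     // attribute names are case-insensitive
];

// Split one Set-Cookie value into the cookie name and a set of lowercase
// attribute names. Only text after the first ";" counts as attributes,
// so a cookie whose value happens to be "secure" is not misread.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";");
  const eq = pair.indexOf("=");
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const attrs = new Set(
    rest.map((a) => a.split("=")[0].trim().toLowerCase()).filter(Boolean)
  );
  return { name, attrs };
}

// Mirrors the behaviour described above: an explicit cookieSecure wins,
// otherwise the value follows the scheme of apiDomain.
function expectedSecure(apiDomain, cookieSecure) {
  if (typeof cookieSecure === "boolean") return cookieSecure;
  return new URL(apiDomain).protocol === "https:";
}

// Names of cookies that should carry the secure attribute but do not.
function findInsecureCookies(setCookieHeaders, apiDomain, cookieSecure) {
  if (!expectedSecure(apiDomain, cookieSecure)) return [];
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !c.attrs.has("secure"))
    .map((c) => c.name);
}

console.log(findInsecureCookies(SAMPLE_HEADERS, "https://api.example.com"));
```

An empty result for an http apiDomain means no secure attribute is expected there, not that the cookies are protected in transit.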