|Did you know ...||Search Documentation:|
0(zero) disables timeout.
/. Cookies are only sent if the HTTP request path is a refinement of Path.
auto(default), which creates a session if there is a request whose path matches the defined session path or
noauto, in which cases sessions are only created by calling http_open_session/2 explicitely.
active, which starts a thread that performs session cleanup at close to the moment of the timeout or
passive, which runs session GC when a new session is created.
strict- The SameSite attribute prevents the CSRF vulnerability. strict has best security, but prevents links from external sites from operating properly. lax stops most CSRF attacks against REST endpoints but rarely interferes with legitimage operations.
noneremoves the samesite attribute entirely. Caution: The value
noneexposes the entire site to CSRF attacks.
In addition, extension libraries can define session_option/2
to make this predicate support more options. In particular,
library(http/http_redis_plugin) defines the following