Value | Meaning |
---|---|
none = 0 | No options. |
httpOnly = 1 << 0 | Instructs the browser to disallow accessing the session ID from JavaScript. See also: Cookie.httpOnly |
secure = 1 << 1 | Instructs the browser to disallow sending the session ID over unencrypted connections. By default, the type of the connection on which the session is started determines whether secure or noSecure is used. See also: noSecure, Cookie.secure |
noSecure = 1 << 2 | Instructs the browser to allow sending the session ID over unencrypted connections. By default, the type of the connection on which the session is started determines whether secure or noSecure is used. See also: secure, Cookie.secure |
noSameSiteStrict = 1 << 3 | Instructs the browser to allow sending this cookie along with cross-site requests. By default, the protection is strict. This flag sets it to lax instead. The strict value prevents the browser from sending the cookie to the target site in all cross-site browsing contexts, even when following a regular link. |
Options altering how sessions are created.
Multiple values can be or'ed together.
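
The flag rules from the table, modelled as a self-contained D program (an added example, not the library's own code). `CookieAttrs` and `resolve` are hypothetical names, the enum is re-declared locally with the values listed above, and letting `secure` win when both `secure` and `noSecure` are set is an assumption.

```d
import std.stdio : writefln;

// Local mirror of the values in the table above (re-declared for this example).
enum SessionOption {
    none             = 0,
    httpOnly         = 1 << 0,
    secure           = 1 << 1,
    noSecure         = 1 << 2,
    noSameSiteStrict = 1 << 3,
}

// Hypothetical type: the attributes the session cookie ends up carrying.
struct CookieAttrs { bool httpOnly; bool secure; string sameSite; }

// Hypothetical helper modelling the documented rules.
// connectionIsTLS: whether the connection the session starts on is encrypted.
CookieAttrs resolve(SessionOption opts, bool connectionIsTLS)
{
    CookieAttrs a;
    a.httpOnly = (opts & SessionOption.httpOnly) != 0;
    // Explicit flags override the connection-based default.
    // Assumption: secure takes precedence if both flags are set.
    if ((opts & SessionOption.secure) != 0)        a.secure = true;
    else if ((opts & SessionOption.noSecure) != 0) a.secure = false;
    else                                           a.secure = connectionIsTLS;
    // Strict unless noSameSiteStrict relaxes it to lax.
    a.sameSite = (opts & SessionOption.noSameSiteStrict) != 0 ? "Lax" : "Strict";
    return a;
}

void main()
{
    // Only httpOnly, session started on a plain-HTTP connection (for example
    // when TLS ends at a reverse proxy): the default yields no Secure attribute.
    auto viaProxy = resolve(SessionOption.httpOnly, false);
    assert(viaProxy.httpOnly && !viaProxy.secure && viaProxy.sameSite == "Strict");

    // Or'ing in secure pins the attribute regardless of connection type.
    auto pinned = resolve(SessionOption.httpOnly | SessionOption.secure, false);
    assert(pinned.secure);

    // noSameSiteStrict relaxes cross-site protection from strict to lax.
    auto lax = resolve(SessionOption.httpOnly | SessionOption.secure
                       | SessionOption.noSameSiteStrict, true);
    assert(lax.sameSite == "Lax");

    writefln("proxy default: %s\npinned secure: %s\nlax: %s", viaProxy, pinned, lax);
}
```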