Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions src/content/pages/en/resources/middleware/session.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,12 @@ More information about can be found in [the proposal](https://github.com/privacy
Specifies the value for the `Path` `Set-Cookie`. By default, this is set to `'/'`, which
is the root path of the domain.

Since 1.19.1, path matching follows [RFC 6265 section 5.1.4][rfc-6265-5.1.4]. This means
the session middleware will only activate when the request path is an exact match or falls
under a segment boundary of the cookie path. For example, a cookie path of `/admin` will
match `/admin` and `/admin/users` but will **not** match `/administrator`. Prior versions
used a simple prefix check that did not enforce segment boundaries.

##### cookie.priority

Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1].
Expand Down Expand Up @@ -1002,6 +1008,7 @@ On Windows, use the corresponding command;

[MIT](https://github.com/expressjs/session/blob/HEAD/LICENSE)

[rfc-6265-5.1.4]: https://datatracker.ietf.org/doc/html/rfc6265#section-5.1.4
[rfc-6265bis-03-4.1.2.7]: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
[rfc-cutler-httpbis-partitioned-cookies]: https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/
[rfc-west-cookie-priority-00-4.1]: https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1
Expand Down