Which frontend SDK do you use?

supertokens-web-js / mobile

supertokens-auth-react

Cookies and Https

SuperTokens ensures that cookies are secured by enabling the secure flag when generating session cookies.

When set, the secure attribute limits the scope of the cookie to be attached only to secure domains. This results in the cookie only being attached to requests transmitted over https. This, in turn, prevents cookie theft via man in the middle attacks.

important

If not explicitly set, SuperTokens automatically determines the value for the secure attribute based on your API domain having http or https.

Explicitly setting the secure attribute

NodeJS

import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";

SuperTokens.init({
    supertokens: {
        connectionURI: "...",
    },
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            cookieSecure: true,
        })
    ]
});

GoLang

import (
    "github.com/supertokens/supertokens-golang/recipe/session"
    "github.com/supertokens/supertokens-golang/recipe/session/sessmodels"
    "github.com/supertokens/supertokens-golang/supertokens"
)

func main() {
    cookieSecure := true

    supertokens.Init(supertokens.TypeInput{
        RecipeList: []supertokens.Recipe{
            session.Init(&sessmodels.TypeInput{
                CookieSecure: &cookieSecure,
            }),
        },
    })
}

Python

from supertokens_python import init, InputAppInfo
from supertokens_python.recipe import session

init(
    app_info=InputAppInfo(api_domain="...", app_name="...", website_domain="..."),
    framework='...', 
    recipe_list=[
        session.init(
            cookie_secure=True
        )
    ]
)