Commit a220db2

Merge pull request #56 from AlexCuse/patch-1
docs: include useExplicitExpiry option in README
2 parents f0618aa + 650eeb2 commit a220db2

1 file changed

Lines changed: 2 additions & 1 deletion

README.md

@@ -12,7 +12,8 @@ KeratinAuthN offers two persistence modes, each useful to a different type of ap
1212

1313
1. **LocalStorage:** Configuring `setLocalStorageStore(name: string)` adds localStorage-backed persistence. This is useful for client-side applications that do not rely on server-side rendering to generate a personalized page. The client is responsible for reading from `KeratinAuthN.session()` and adding the session token to any backend API requests, probably as a header.
1414

15-
2. **Cookie:** Configuring `setCookieStore(name: string, opts?: object)` adds support for cookie-backed persistence. This is useful for applications that rely on server-side rendering, but also requires the application to implement CSRF protection mechanisms. By passing an additional object to `setCookieStore(...)` it is also possible to configure the cookies path and SameSite attributes. For example, `setCookieStore("authn-token", {path: "/admin", sameSite: "Strict"})` will restrict the cookie to `/admin` and will exclude it from third-party top-level navigations. If `sameSite` is not provided the browser will choose it's default value.
15+
16+
2. **Cookie:** Configuring `setCookieStore(name: string, opts?: object)` adds support for cookie-backed persistence. This is useful for applications that rely on server-side rendering, but also requires the application to implement CSRF protection mechanisms. By passing an additional object to `setCookieStore(...)` it is also possible to configure the cookies path and SameSite attributes, along with whether an explicit expiration is written for the cookie. For example, `setCookieStore("authn-token", {path: "/admin", sameSite: "Strict", useExplicitExpiry: true })` will restrict the cookie to `/admin` with an explicit expiration derived from the session's `exp` claim and exclude it from third-party top-level navigations. If `sameSite` is not provided the browser will choose it's default value. If `useExplicitExpiry` is not provided default behavior is to write a session cookie.
1617

1718
## Installation
1819
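Review bot: The closing sentence of the added README line, "If `useExplicitExpiry` is not provided default behavior is to write a session cookie", states the default but not what changes when the option is enabled. Going by the example in the same line, the cookie then carries an expiration derived from the session's `exp` claim, so it is no longer a session cookie and persists across browser restarts until that time; say so explicitly so readers can weigh the option, for instance on shared machines. Since the line is rewritten anyway, also fix the carried-over "it's default value" (should be "its") and "the cookies path" (should be "the cookie's path"), and drop the stray space in `useExplicitExpiry: true }`.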
