docs(auth): advise a minimal cookie config (#378)

* Added cookie minimal configuration in auth docs to prevent SessionCookie Using the default cookie config {}, the cookie expiration is set to "Session" which is not what people want went they deploy a website! Tried to help having a more complete doc on that side * up --------- Co-authored-by: Benjamin Canac <[email protected]>
nuxt-modules · Jan 13, 2024 · 0efe830 · 0efe830
1 parent 3d3f333
commit 0efe830
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/docs/content/4.auth.md b/docs/content/4.auth.md
@@ -5,6 +5,25 @@ description: Learn how to authenticate users with the strapi module in your Nuxt
 
 > This module exposes composables that are [auto-imported](https://nuxt.com/docs/guide/directory-structure/composables) by Nuxt 3.
 
+## Configuration
+
+When using `@nuxtjs/strapi` for authentication, the user jwt token will be stored in a cookie (`strapi_jwt` by default). By using the default cookie configuration, the expiration will be set to `Session`, which means the cookie will disappear when the browser is closed, and users will have to log in everytime.
+
+If you want your cookie to stay longer, we recommand to use the configuration below (expiration is set to 14 days, feel free to change it):
+
+```ts [nuxt.config.ts]
+export default defineNuxtConfig({
+  strapi: {
+    cookie: {
+      path: '/',
+      maxAge: 14 * 24 * 60 * 60,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: true
+    }
+  }
+})
+```
+
 ## `useStrapiUser`
 
 Once logged in, you can access your user everywhere:
@@ -15,7 +34,6 @@ const user = useStrapiUser()
 
 > Learn how to protect your routes by writing your own [auth middleware composable](/advanced#auth-middleware).
 
-
 ## `useStrapiToken`
 
 This composable is an helper to get the jwt token. It is used internally to get the `strapi_jwt` cookie.