cookieSession

Use cookieSession when an API authenticates with a login form and a cookie instead of a token, and you want the session captured, replayed, and refreshed for you — the stitch holds the login, the caller never touches a cookie.

Example

import { cookieSession, env, stitch } from 'stitchapi';

// The login is itself a stitch — its Set-Cookie response seeds the session.
const login = stitch({
    method: 'POST',
    baseUrl: 'https://api.example.com',
    path: '/login',
    bodyType: 'form',
});

const me = stitch({
    baseUrl: 'https://api.example.com',
    path: '/me',
    auth: cookieSession({
        login,
        cookie: '*',
        loginInput: () => ({
            body: { user: env('USER')(), pass: env('PASS')() },
        }),
        refreshOn: [401],
    }),
});

The first call to me() runs login once, captures its cookies, and replays them; a 401 afterward re-runs the login and retries, all behind the capability boundary.

Options

Point login at the stitch that authenticates, and pass loginInput to supply its credentials, resolved at call time with env().

cookie selects what to keep: a single cookie name, or '*' (equivalently jar: true) to capture and replay the whole Set-Cookie jar.

refreshOn re-runs the login on a status code (default [401]); refreshWhen re-runs it on a content predicate, for soft 200 walls where a login page is served with a 200. Give two stitches the same key plus a shared store to share one session. See Reference → Auth strategies for every field.

See also