More cookie options

Fixes #2085.

Documentation/Books/Manual/Foxx/Router/Response.mdpp

@@ -59,35 +59,35 @@ Sets a cookie with the given name.
 
   An object with any of the following properties:
 
+  * **ttl**: `number` (optional)
+
+    Time to live of the cookie in seconds.
+
+  * **algorithm**: `string` (Default: `"sha256"`)
+
+    Algorithm that will be used to sign the cookie.
+
   * **secret**: `string` (optional)
 
     Secret that will be used to sign the cookie.
 
     If a secret is specified, the cookie's signature will be stored in a second cookie with the same options, the same name and the suffix `.sig`. Otherwise no signature will be added.
 
-  * **algorithm**: `string` (Default: `"sha256"`)
+  * **path**: `string` (optional)
 
-    Algorithm that will be used to sign the cookie.
+    Path for which the cookie should be issued.
 
-  * **ttl**: `number` (optional)
+  * **domain**: `string` (optional)
 
-    Time to live of the cookie.
+    Domain for which the cookie should be issued.
 
-  * **path**: `number` (optional)
+  * **secure**: `boolean` (Default: `false`)
-
-    Path of the cookie.
-
-  * **domain**: `number` (optional)
-
-    Domain of the cookie.
-
-  * **secure**: `number` (Default: `false`)
 
     Whether the cookie should be marked as secure (i.e. HTTPS/SSL-only).
 
   * **httpOnly**: `boolean` (Default: `false`)
 
-    Whether the cookie should be marked as HTTP-only.
+    Whether the cookie should be marked as HTTP-only (rather than also exposing it to client-side code).
 
 If a string is passed instead of an options object it will be interpreted as the *secret* option.
 

Documentation/Books/Manual/Foxx/Sessions/Transports/Cookie.mdpp

@@ -51,4 +51,20 @@ Creates a [Transport](README.md) that can be used in the sessions middleware.
 
     Secret to use for the signed cookie. Will be ignored if no algorithm is provided.
 
+  * **path**: `string` (optional)
+
+    Path for which the cookie should be issued.
+
+  * **domain**: `string` (optional)
+
+    Domain for which the cookie should be issued.
+
+  * **secure**: `boolean` (Default: `false`)
+
+    Whether the cookie should be marked as secure (i.e. HTTPS/SSL-only).
+
+  * **httpOnly**: `boolean` (Default: `false`)
+
+    Whether the cookie should be marked as HTTP-only (rather than also exposing it to client-side code).
+
 If a string is passed instead of an options object, it will be interpreted as the *name* option.

Documentation/Books/Manual/ReleaseNotes/NewFeatures32.mdpp

@@ -57,3 +57,4 @@ Authentication
 Foxx
 ----
 
+The [cookie session transport](../Foxx/Sessions/Transports/Cookie.md) now supports all options supported by the [cookie method of the response object](../Foxx/Router/Response.md#cookie).

js/server/modules/@arangodb/foxx/sessions/transports/cookie.js

@@ -34,10 +34,23 @@ module.exports = function cookieTransport (cfg) {
   assert(!cfg.algorithm || cfg.secret, 'Must specify a secret when specifying an algorithm');
   const name = cfg.name || 'sid';
   const ttl = cfg.ttl || undefined;
-  const opts = cfg.secret ? {
+  const opts = {};
-    secret: cfg.secret,
+  if (cfg.secret) {
-    algorithm: cfg.algorithm
+    opts.secret = cfg.secret;
-  } : undefined;
+    opts.algorithm = cfg.algorithm;
+  }
+  if (cfg.path) {
+    opts.path = cfg.path;
+  }
+  if (cfg.domain) {
+    opts.domain = cfg.domain;
+  }
+  if (cfg.secure) {
+    opts.secure = cfg.secure;
+  }
+  if (cfg.httpOnly) {
+    opts.httpOnly = cfg.httpOnly;
+  }
   return {
     get(req) {
       return req.cookie(name, opts);