
Cookie

Cookies are an easy way to store stateful information in the user's browser. Thus, they are more useful for browser-based navigation (e.g. a front-end app making API requests) than for pure API interaction.

Configuration

from fastapi_users.authentication import CookieAuthentication

SECRET = "SECRET"  # placeholder: use a long, random value loaded from configuration

auth_backends = []

cookie_authentication = CookieAuthentication(secret=SECRET, lifetime_seconds=3600)

auth_backends.append(cookie_authentication)

As you can see, instantiation is quite simple. You just have to define a constant SECRET, which is used to encode the token, and the lifetime of the cookie (in seconds).

You can also define the parameters for the generated cookie:

  • cookie_name (fastapiusersauth): Name of the cookie.
  • cookie_path (/): Cookie path.
  • cookie_domain (None): Cookie domain.
  • cookie_secure (True): Whether to send the cookie to the server only via SSL (HTTPS) requests.
  • cookie_httponly (True): Whether to prevent access to the cookie via JavaScript.
  • cookie_samesite (lax): A string that specifies the samesite strategy for the cookie. Valid values are 'lax', 'strict' and 'none'. Defaults to 'lax'.

Tip

You can also optionally define the name. This is useful if you wish to have several backends of the same class. Each backend should have a unique name. Defaults to cookie.

cookie_authentication = CookieAuthentication(
    secret=SECRET,
    lifetime_seconds=3600,
    name="my-cookie",
)

Tip

The value of the cookie is actually a JWT. This authentication backend shares most of its logic with the JWT one.

Login

This method will return a response with a valid set-cookie header upon successful login:

200 OK

Check documentation about login route.
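
As an added example (not part of FastAPI Users or of the original page), the following check audits a Set-Cookie header, such as the one returned by the login route, against the cookie parameters listed under Configuration. The sample header values are constructed and audit_set_cookie is a hypothetical helper name.

```python
from http.cookies import SimpleCookie

DEFAULT_NAME = "fastapiusersauth"  # default cookie_name listed on this page


def audit_set_cookie(header_value, cookie_name=DEFAULT_NAME):
    """Return findings for one Set-Cookie header value (hypothetical helper)."""
    jar = SimpleCookie()
    jar.load(header_value)
    if cookie_name not in jar:
        return [f"cookie {cookie_name!r} not present"]
    morsel = jar[cookie_name]
    findings = []
    # cookie_secure=True should produce the Secure attribute.
    if not morsel["secure"]:
        findings.append("Secure missing: cookie is also sent over plain HTTP")
    # cookie_httponly=True should produce the HttpOnly attribute.
    if not morsel["httponly"]:
        findings.append("HttpOnly missing: cookie is readable from JavaScript")
    # cookie_samesite accepts 'lax', 'strict' or 'none'.
    samesite = morsel["samesite"].lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append("SameSite missing or not one of lax/strict/none")
    elif samesite == "none" and not morsel["secure"]:
        findings.append("SameSite=None without Secure: browsers reject the cookie")
    elif samesite == "none":
        findings.append("SameSite=None: cookie is attached to cross-site requests")
    return findings


# Constructed sample headers; the cookie value is a placeholder, not a real JWT.
HARDENED = ("fastapiusersauth=header.payload.signature; HttpOnly; "
            "Max-Age=3600; Path=/; SameSite=lax; Secure")
WEAK = "fastapiusersauth=header.payload.signature; Max-Age=3600; Path=/; SameSite=none"

if __name__ == "__main__":
    for label, header in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_set_cookie(header) or "no findings")
```

Running the same check in an integration test against the login response catches a backend that was configured with cookie_secure or cookie_httponly turned off.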

Logout

This method will remove the authentication cookie:

200 OK

Check documentation about logout route.

Authentication

This method expects that you provide a valid cookie in the headers.

Next steps

We will now configure the main FastAPI Users object that will expose the routers.