Learn how to securely store Crossmint Auth cookies in your application
@crossmint/server-sdk
.
httpOnly
flag only applies to the refresh token. The session JWT remains accessible to client-side JavaScript since it’s needed for API calls.
refreshRoute
and logoutRoute
options.