Sessions
To enable sessions and CSRF tokens for a database, add the "sessions": true flag to that database's config object in your settings.<env>.json file:
/settings.development.json
{
  "config": {
    "databases": [
      {
        "provider": "mongodb",
        "sessions": true,
        "options": {}
      }
    ],
    ...
  },
  "global": {},
  "public": {},
  "private": {}
}
Once added, a CSRF token will automatically be injected into all pages rendered via res.render() and validated on all getter and setter requests.
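A pre-deploy check for the flag described above, as an added example that is not part of the framework or its documentation. The helper name auditSessions is hypothetical, the sample settings are constructed, and the check assumes only the JSON boolean true enables sessions.

```javascript
// Added example: audits a parsed settings.<env>.json object for the
// "sessions": true flag. auditSessions() is a hypothetical helper name.
function auditSessions(settings) {
  const findings = [];
  const databases = settings && settings.config && settings.config.databases;

  if (!Array.isArray(databases) || databases.length === 0) {
    return { enabled: false, findings: ["config.databases is missing or empty"] };
  }

  const enabled = [];
  databases.forEach((db, i) => {
    if (!db || typeof db !== "object") {
      findings.push(`databases[${i}]: not a config object`);
      return;
    }
    const label = `databases[${i}] (${db.provider || "unknown provider"})`;
    if (db.sessions === true) {
      enabled.push(label);
    } else if (db.sessions !== undefined && db.sessions !== false) {
      // Assumption: values such as "true" or 1 are treated as a likely typo, not as enabled.
      findings.push(`${label}: "sessions" is ${JSON.stringify(db.sessions)}, expected boolean true`);
    }
  });

  if (enabled.length === 0) {
    findings.push('no database has "sessions": true, so sessions and CSRF tokens are not enabled');
  }
  return { enabled: enabled.length > 0, findings };
}

// Constructed sample inputs (not real project files).
const withSessions = JSON.parse(`{
  "config": { "databases": [ { "provider": "mongodb", "sessions": true, "options": {} } ] },
  "global": {}, "public": {}, "private": {}
}`);
const stringFlag = JSON.parse(`{
  "config": { "databases": [ { "provider": "mongodb", "sessions": "true", "options": {} } ] }
}`);

console.log(auditSessions(withSessions));
console.log(auditSessions(stringFlag));
```

Running it against each environment's settings file before deploy catches a production file where the flag was never copied over from development.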