TheDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/nuxt-alt/auth/llms.txt
Use this file to discover all available pages before exploring further.
cookie scheme extends LocalScheme for backends that manage authentication state through session cookies rather than returning a token in the response body. Instead of reading a token from the login response, the scheme relies on the browser cookie jar to maintain the session. It optionally issues a CSRF preflight request before login — making it a natural fit for backends like Laravel Sanctum, Django’s session auth, or any server that sets a session cookie on successful login.
Configuration
nuxt.config.ts
Cookie Options
The name of the browser cookie used to determine whether the user has an active session. When set, the scheme inspects
document.cookie (or the server-side cookie store during SSR) for a cookie with this name before treating the session as valid. When undefined, the scheme skips the cookie check and considers any successful login as authenticated.Default: undefinedEndpoints
A request made before the login call to obtain a CSRF token. The backend typically sets an
XSRF-TOKEN cookie in this response which the HTTP client then reads and attaches as a header on subsequent mutating requests. Set to false to skip the CSRF preflight entirely.Default: falseThe login endpoint. After an optional CSRF request, credentials are posted here. Inherited from
LocalScheme.Default: { url: '/api/auth/login', method: 'post' }The logout endpoint. Set to
false to clear local state only without calling the server. Inherited from LocalScheme.Default: { url: '/api/auth/logout', method: 'post' }The user info endpoint. Set to
false to skip the user fetch. Inherited from LocalScheme.Default: { url: '/api/auth/user', method: 'get' }An optional base URL override for all scheme endpoints. Useful when your session API lives on a different origin from the Nuxt app.Default:
undefinedToken Options (Defaults for Cookie Scheme)
The cookie scheme ships with the token system disabled by default so that purely session-based backends work out of the box:| Option | Default |
|---|---|
token.type | false |
token.property | '' |
token.maxAge | false |
token.global | false |
token.required | false |
token.type is truthy, the cookie scheme delegates to the full LocalScheme token lifecycle — storing the token, attaching it to requests, and respecting expiry.
User Options (Defaults for Cookie Scheme)
| Option | Default |
|---|---|
user.property | false |
user.autoFetch | true |
user.property to false means the entire user endpoint response body is treated as the user object, which matches frameworks like Laravel where /api/user returns the user directly.
Usage
Login with session cookies
Manually setting the user after login
Whenendpoints.user is set to false, populate the user object yourself:
The
laravelSanctum provider pre-configures the cookie scheme with sensible defaults for Laravel Sanctum, including the CSRF endpoint and cookie name. See the Laravel Sanctum provider page for a ready-to-use setup.