JSON Configuration for Sessions
...
Default: *.crl
JSON key: cookie.not.for.uri
SameSite
If set to none, lax or scrict, the cookie attribute SameSite=None, SameSite=Strict or SameSite=Lax is added to the session cookies. This enables CSRF/XSRF attack protection - see https://tools.ietf.org/html/draft-west-first-party-cookies-07 for details.
Default: noneblank (as in not selected)
JSON key: cookie.samesite
...
In case a SessionResolverApiKey is added, this setting is used:
HTTP Header name for API key
Can be used to specify the name of the HTTP header to read the API key from.
...