| connector | false | - | - | - |
| cookiePrefix | false | randomly chosen 8-character long string. | - | - |
| domain | false | - | - | - |
| expiresAfterSeconds | false | - | - | - |
| httpOnly | false | - | - | - |
| issuer | false | - | - | - |
| sameSite | false | - | - | - |
| secure | false | false | forces secure cookie attribute even when no ssl context is present (e.g. TLS termination in front of membrane) | - |
| sessionCookie | false | false | if true removes the expire part of a set cookie header and thus makes it a session cookie | - |
| ttlExpiryRefreshOnAccess | false | true | controls if the expiry refreshes to expiresAfterSeconds on access (true) or if it should not refresh (false) | - |