setCookie()
Sets a Set-Cookie response header from a server event handler.
Syntax
setCookie(event, name, value, options?)Parameters
| Name | Type | Required | Description |
|---|---|---|---|
event | H3Event | Yes | The request event. |
name | string | Yes | Cookie name. |
value | string | Yes | Cookie value. |
options | CookieSerializeOptions | No | `maxAge`, `expires`, `path`, `domain`, `httpOnly`, `secure`, `sameSite`. |
Returns
void — Appends a Set-Cookie header to the response.
Examples
// server/api/login.post.ts
export default defineEventHandler(async (event) => {
const token = await authenticate(event)
setCookie(event, 'token', token, {
httpOnly: true,
secure: true,
sameSite: 'lax',
maxAge: 60 * 60 * 24 * 7,
})
return { ok: true }
})
export default defineEventHandler((event) => {
setCookie(event, 'theme', 'dark', { path: '/' })
return 'set'
})
Notes
Set `httpOnly: true` for session/auth cookies so client JS cannot
read them. On the client side use `useCookie`. To delete a cookie use
`deleteCookie(event, name)` or set `maxAge: 0`.