---
title: PersistentCookieDecision
description: Resource path:
component: pingam
version: 8.1
page_id: pingam:entity-reference:sec-amster-entity-persistentcookiedecision
canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-persistentcookiedecision.html
section_ids:
sec-amster-entity-persistentcookiedecision-realm-ops: Realm Operations
sec-amster-entity-persistentcookiedecision-realm-ops-create: create
sec-amster-entity-persistentcookiedecision-realm-ops-delete: delete
sec-amster-entity-persistentcookiedecision-realm-ops-gettype: getType
sec-amster-entity-persistentcookiedecision-realm-ops-getupgradedconfig: getUpgradedConfig
sec-amster-entity-persistentcookiedecision-realm-ops-query: query
sec-amster-entity-persistentcookiedecision-realm-ops-read: read
sec-amster-entity-persistentcookiedecision-realm-ops-update: update
sec-amster-entity-persistentcookiedecision-realm-ops-versioninfo: versionInfo
---
# PersistentCookieDecision
## Realm Operations
Resource path:
```
/realm-config/authentication/authenticationtrees/nodes/PersistentCookieDecisionNode/1.0
```
Resource version: `3.0`
### create
**Usage**
```
am> create PersistentCookieDecision --realm Realm --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"sameSite" : {
"title" : "Persistent Cookie SameSite attribute",
"description" : "Sets the same site attribute of the persistent cookie. This value controls when a browser sends the cookie in cross-site requests. Possible values include:
* `STRICT`: The cookie is only sent when navigating within the same site. It's not sent on any cross-site requests, even for top-level navigations.
* `LAX`: The cookie is sent on same-site requests and top-level navigations. It's not sent on subresource requests (like images or scripts loaded from a third-party site).
* `NONE`: There are no restrictions on the cookie domain.",
"propertyOrder" : 700,
"type" : "string",
"exampleValue" : ""
},
"useHttpOnlyCookie" : {
"title" : "Use HTTP Only Cookie",
"description" : "Sets the persistent cookie as \"HttpOnly\".",
"propertyOrder" : 400,
"type" : "boolean",
"exampleValue" : ""
},
"hmacSigningKey" : {
"title" : "HMAC Signing Key",
"description" : "Base64-encoded 256-bit key to use for HMAC signing of the cookie. This property is deprecated. Use the HMAC Signing Key Secret Label Identifier instead. The signing key is ignored if you set an HMAC Signing Key Secret Label Identifier.",
"propertyOrder" : 500,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"idleTimeout" : {
"title" : "Idle Timeout",
"description" : "The maximum idle time between requests before the cookie is invalidated, in hours.",
"propertyOrder" : 100,
"type" : "integer",
"exampleValue" : ""
},
"hmacSigningKeySecretLabelIdentifier" : {
"title" : "HMAC Signing Key Secret Label Identifier",
"description" : "Identifier used to create a secret label for mapping to a secret in a secret store.
AM uses this identifier to create a specific secret label for this node. The secret label takes the form am.authentication.nodes.persistentcookie.{{identifier}}.signing where {{identifier}} is the value of HMAC Signing Key Secret Label Identifier. The identifier can only contain characters {{a-z}} {{A-Z}} {{0-9}} {{.}} and cannot start or end with {{.}}. If you set an HMAC Signing Key Secret Label Identifier and AM finds a matching secret in a secret store, the HMAC Signing Key is ignored.",
"propertyOrder" : 550,
"type" : "string",
"exampleValue" : ""
},
"enforceClientIp" : {
"title" : "Enforce Client IP",
"description" : "Enforces that the persistent cookie can only be used from the same client IP to which the cookie was issued.",
"propertyOrder" : 200,
"type" : "boolean",
"exampleValue" : ""
},
"persistentCookieName" : {
"title" : "Persistent Cookie Name",
"description" : "The name of the persistent cookie.",
"propertyOrder" : 600,
"type" : "string",
"exampleValue" : ""
},
"useSecureCookie" : {
"title" : "Use Secure Cookie",
"description" : "Sets the persistent cookie as \"Secure\". This will be ignored and set to true if SameSite is set to \"NONE\".",
"propertyOrder" : 300,
"type" : "boolean",
"exampleValue" : ""
}
},
"required" : [ "sameSite", "useHttpOnlyCookie", "idleTimeout", "enforceClientIp", "persistentCookieName", "useSecureCookie" ]
}
```
### delete
**Usage**
```
am> delete PersistentCookieDecision --realm Realm --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### getType
List information related to the node such as a name, description, tags and metadata.
**Usage**
```
am> action PersistentCookieDecision --realm Realm --actionName getType
```
### getUpgradedConfig
Get the upgraded configuration for the node type.
**Usage**
```
am> action PersistentCookieDecision --realm Realm --body body --actionName getUpgradedConfig --targetVersion targetVersion
```
**Parameters**
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"title" : "The current configuration of the node type."
}
```
* *\--targetVersion*
\=== listOutcomes
List the available outcomes for the node type.
**Usage**
```
am> action PersistentCookieDecision --realm Realm --body body --actionName listOutcomes
```
**Parameters**
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"description" : "Some configuration of the node. This does not need to be complete against the configuration schema.",
"type" : "object",
"title" : "Node configuration"
}
```
### query
Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter.
**Usage**
```
am> query PersistentCookieDecision --realm Realm --filter filter
```
**Parameters**
* *\--filter*
A CREST formatted query filter, where "true" will query all.
### read
**Usage**
```
am> read PersistentCookieDecision --realm Realm --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### update
**Usage**
```
am> update PersistentCookieDecision --realm Realm --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"sameSite" : {
"title" : "Persistent Cookie SameSite attribute",
"description" : "Sets the same site attribute of the persistent cookie. This value controls when a browser sends the cookie in cross-site requests. Possible values include:
* `STRICT`: The cookie is only sent when navigating within the same site. It's not sent on any cross-site requests, even for top-level navigations.
* `LAX`: The cookie is sent on same-site requests and top-level navigations. It's not sent on subresource requests (like images or scripts loaded from a third-party site).
* `NONE`: There are no restrictions on the cookie domain.",
"propertyOrder" : 700,
"type" : "string",
"exampleValue" : ""
},
"useHttpOnlyCookie" : {
"title" : "Use HTTP Only Cookie",
"description" : "Sets the persistent cookie as \"HttpOnly\".",
"propertyOrder" : 400,
"type" : "boolean",
"exampleValue" : ""
},
"hmacSigningKey" : {
"title" : "HMAC Signing Key",
"description" : "Base64-encoded 256-bit key to use for HMAC signing of the cookie. This property is deprecated. Use the HMAC Signing Key Secret Label Identifier instead. The signing key is ignored if you set an HMAC Signing Key Secret Label Identifier.",
"propertyOrder" : 500,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"idleTimeout" : {
"title" : "Idle Timeout",
"description" : "The maximum idle time between requests before the cookie is invalidated, in hours.",
"propertyOrder" : 100,
"type" : "integer",
"exampleValue" : ""
},
"hmacSigningKeySecretLabelIdentifier" : {
"title" : "HMAC Signing Key Secret Label Identifier",
"description" : "Identifier used to create a secret label for mapping to a secret in a secret store.
AM uses this identifier to create a specific secret label for this node. The secret label takes the form am.authentication.nodes.persistentcookie.{{identifier}}.signing where {{identifier}} is the value of HMAC Signing Key Secret Label Identifier. The identifier can only contain characters {{a-z}} {{A-Z}} {{0-9}} {{.}} and cannot start or end with {{.}}. If you set an HMAC Signing Key Secret Label Identifier and AM finds a matching secret in a secret store, the HMAC Signing Key is ignored.",
"propertyOrder" : 550,
"type" : "string",
"exampleValue" : ""
},
"enforceClientIp" : {
"title" : "Enforce Client IP",
"description" : "Enforces that the persistent cookie can only be used from the same client IP to which the cookie was issued.",
"propertyOrder" : 200,
"type" : "boolean",
"exampleValue" : ""
},
"persistentCookieName" : {
"title" : "Persistent Cookie Name",
"description" : "The name of the persistent cookie.",
"propertyOrder" : 600,
"type" : "string",
"exampleValue" : ""
},
"useSecureCookie" : {
"title" : "Use Secure Cookie",
"description" : "Sets the persistent cookie as \"Secure\". This will be ignored and set to true if SameSite is set to \"NONE\".",
"propertyOrder" : 300,
"type" : "boolean",
"exampleValue" : ""
}
},
"required" : [ "sameSite", "useHttpOnlyCookie", "idleTimeout", "enforceClientIp", "persistentCookieName", "useSecureCookie" ]
}
```
### versionInfo
List the versions available for the node type.
**Usage**
```
am> action PersistentCookieDecision --realm Realm --actionName versionInfo
```