You may need to change the session's name (default is PHPSESSID).

To make such a change, you can use the following configuration directive :

[sessions]
name = "mysession"

NB : only alpha-numeric chars are allowed.

Storing session files in default path may not be a good idea, as that path is often worldwide readable/writable, like /tmp/ for example.

To make jSession store sessions in your own defined path:

  [sessions]
  storage = "files"
  files_path = "app:var/sessions/"

NB : app: and lib: keywords are converted.

You may need to store your sessions in data, for example when you are doing load-balancing with multiple front servers. In this case, jSession uses jDao:

  [sessions]
  storage = "dao"
  dao_selector = "jelix~jsession"
  dao_db_profile = ""

A default dao is provided in the jelix module. The selector is jelix~jsession.

When you install your application, if the configuration is set correctly, Jelix will create a table in your SQL database. During the development, you can execute on of these SQL script to create the table: lib/jelix/core-modules/jelix/install/sql/install_jsession.schema.*.

Here is the table:

CREATE TABLE  IF NOT EXISTS `jsessions` (
  `id` varchar(64) NOT NULL,
  `creation` datetime NOT NULL,
  `access` datetime NOT NULL,
  `data` longblob NOT NULL,
  PRIMARY KEY  (`id`)
) DEFAULT CHARSET=utf8;

It is possible to secure the session cookie, with these configuration parameters:

[sessions]
; ...
cookieSecure=off
cookieHttpOnly=on
cookieExpires=0
cookieSameSite=

They correspond to respectively cookie parameters secure, httponly, expires and samesite. See documentation of the Set-Cookie header.