Use strict sameSite cookies

2025-11-11 10:56:20 +00:00 · 2022-09-06 02:36:19 -07:00
parent 5ace3d9996
commit 9466ed692b
1 changed files with 2 additions and 1 deletions
--- a/server/app.js
+++ b/server/app.js
@@ -36,7 +36,8 @@ app.use(session({
  store: new FileStore(fileStoreOptions),
  secret: sessionSecret,
  resave: true,
-  saveUninitialized: true
+  saveUninitialized: true,
+  cookie: { sameSite: 'strict' }
 }))
 app.use((req, res, next) => {
  const msgs = req.session.messages || []