projects / squeep-authentication-module / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
set SameSite to Lax on session cookies
[squeep-authentication-module] / lib / authenticator.js
diff --git a/lib/authenticator.js b/lib/authenticator.js
index c388ee883c60bb0fa79380696b87b9894528d209..0c0c349b7288af20f0fc7df421c91aeddd61a3dc 100644 (file)
--- a/lib/authenticator.js
+++ b/lib/authenticator.js
@@ -266,8 +266,9 @@ class Authenticator {
       const cookieParts = [
         sessionCookie,
         'HttpOnly',
-        `Path=${this.options.dingus.proxyPrefix}/`,
         `Max-Age=${this.cookieLifespan}`,
+        'SameSite=Lax',
+        `Path=${this.options.dingus.proxyPrefix}/`,
       ];
       if (this.options.authenticator.secureAuthOnly) {
         cookieParts.push('Secure');
@@ -282,6 +283,7 @@ class Authenticator {
         `${Enum.SessionCookie}=""`,
         'HttpOnly',
         'Max-Age=0',
+        'SameSite=Lax',
         `Path=${this.options.dingus.proxyPrefix}/`,
       ];
       if (this.options.authenticator.secureAuthOnly) {
@@ -385,4 +387,4 @@ class Authenticator {
 
 }
 
-module.exports = Authenticator;
\ No newline at end of file
+module.exports = Authenticator;
Node module for authenticating sessions in Squeep Framework Applications.