set SameSite to Lax on session cookies

[squeep-authentication-module] / lib / session-manager.js

diff --git a/lib/session-manager.js b/lib/session-manager.js
index a97a0e0fd3f0edf2ed897e89c9f565e41843525c..bd08eef26e7cc44d11473b53bfcd3a8a1e2f6e4f 100644 (file)
--- a/lib/session-manager.js
+++ b/lib/session-manager.js
@@ -51,6 +51,7 @@ class SessionManager {
     const cookieParts = [
       `${cookieName}=${secureSession}`,
       'HttpOnly',
+      'SameSite=Lax',
     ];
     if (this.options.authenticator.secureAuthOnly) {
       cookieParts.push('Secure');
@@ -345,4 +346,4 @@ class SessionManager {
 
 }
 
-module.exports = SessionManager;
\ No newline at end of file
+module.exports = SessionManager;