re: Express.js, Cookies, Sessions, OAuth, and Redirects VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Didn't know that was a thing? Where do I set that option?
 

I'm not an Express.js user, but according to expressjs.com/en/changelog/4x.html you can set sameSite: 'lax' instead of true/false.

When SameSite is "Strict" then cookies are only sent on requests that come from the same origin, which means they are not sent when following links or redirects. With "lax" then they are also sent on those cases. It's a bit less secure, but as you can see the strict mode tends to break things.

👍
Update the post accordingly. Thanks for the pointer.

code of conduct - report abuse