re: Express.js, Cookies, Sessions, OAuth, and Redirects

re: Didn't know that was a thing? Where do I set that option?

I'm not an Express.js user, but according to you can set sameSite: 'lax' instead of true/false.

When SameSite is "Strict", cookies are only sent on requests that come from the same origin, which means they are not sent when following links or redirects. With "lax", they are also sent in those cases. It's a bit less secure, but as you can see, the strict mode tends to break things.

Update the post accordingly. Thanks for the pointer.
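The behaviour discussed in the reply above, as an added example that is not part of the original thread: a simplified JavaScript model of a browser's SameSite decision, run over constructed requests such as an OAuth callback redirect. The host names, the `siteOf` helper and the request objects are assumptions made for illustration; real browsers compare sites using the Public Suffix List.

```javascript
// Added example: simplified model of SameSite cookie handling in a browser.
// In Express, the attribute is set through the cookie options, e.g.
// res.cookie(name, value, { sameSite: 'lax' }) or express-session's cookie.sameSite.

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Hypothetical helper: treat the last two host labels as the "site".
// (Assumption for this sketch; browsers use the Public Suffix List.)
function siteOf(url) {
  return new URL(url).hostname.split('.').slice(-2).join('.');
}

// Decide whether a cookie set by req.target's site is attached to the request.
function cookieIsSent(sameSite, req) {
  // No initiator (typed URL, bookmark) counts as a same-site request.
  const sameSiteRequest =
    !req.initiator || siteOf(req.initiator) === siteOf(req.target);
  if (sameSiteRequest) return true;

  switch (String(sameSite).toLowerCase()) {
    case 'none':   // always sent (browsers additionally require Secure)
      return true;
    case 'lax':    // cross-site only on top-level navigation with a safe method
      return req.topLevelNavigation && SAFE_METHODS.has(req.method);
    case 'strict': // never sent on a cross-site request
      return false;
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Constructed sample requests (not taken from the thread).
const requests = {
  // Identity provider redirects the browser back to the app after login.
  oauthCallback: { initiator: 'https://accounts.idp.example/authorize',
    target: 'https://app.example.com/auth/callback', method: 'GET', topLevelNavigation: true },
  // Cross-site auto-submitted form: the classic CSRF shape.
  crossSitePost: { initiator: 'https://other.example.net/page',
    target: 'https://app.example.com/transfer', method: 'POST', topLevelNavigation: true },
  // Cross-site embedded image or fetch.
  crossSiteSubresource: { initiator: 'https://other.example.net/page',
    target: 'https://app.example.com/avatar.png', method: 'GET', topLevelNavigation: false },
  // Link followed inside the app itself.
  inApp: { initiator: 'https://www.example.com/home',
    target: 'https://app.example.com/dashboard', method: 'GET', topLevelNavigation: true },
};

for (const [name, req] of Object.entries(requests)) {
  console.log(name, { strict: cookieIsSent('strict', req), lax: cookieIsSent('lax', req) });
}
```

With the session cookie missing on the `oauthCallback` request under "Strict", the server cannot match the callback to the session that started the login, which is the breakage the thread describes.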

