andym
March 1, 2023, 5:41am
1
I'm trying to set the `samesite` attribute on the cookies sent to a client on a Phoenix application. Based on the results I found, I'm using the following code.

```elixir
@session_options [
  store: :cookie,
  key: "key",
  signing_salt: "slt",
  same_site: "Lax"
]

plug Plug.Session, @session_options
```

However, this does not seem to set the `samesite` attribute on the cookie coming down to the browser.
t0t0
March 1, 2023, 1:43pm
2
Hi,
it works on my side:
With the same in my Endpoint:
```elixir
@session_options [
  store: :cookie,
  # ...
  same_site: "Lax",
]
# ...
plug Plug.Session, @session_options
```

Which version of Plug are you using? You need Plug >= 1.10.1 (you can, for example, check the output of `mix deps`).

v1.10.1 (2020-05-15)
[Plug.Conn] Support `:same_site` option when writing cookies

(which is already quite old)
Did you find a solution?
My session cookie response header looks like this:
set-cookie: QkP2sE5XTAXz1ZTeFBkbHpZePsFRkg+Vw68lNMIOALmMHaGztVPu5DGMFh6UrXxF=SFMyNTY.g3QAAAACbQAAAAtfY3NyZl90b2tlbm0AAAAYTkJJU0Z0WmlBMFNsaUNHNVA3cTBCVjVqbQAAAAN1aWRkAANuaWw.UcnBA4UmEQwyMQQKyEK5XBdfMq6fjqhgzo4L-H_ZM4I; path=/; HttpOnly
My `session_options` are configured like this: `same_site: "Strict"`.
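One way to confirm that the attribute really reaches the response, as an added example that is not part of the thread: an ExUnit test that runs `Plug.Session` with options shaped like the ones above and inspects the resulting `set-cookie` header. The module name, cookie key, salt and secret are constructed values, and the test assumes a project that has Plug >= 1.10.1 as a dependency.

```elixir
# Added example, not code from the thread. Place it in a project that depends
# on Plug >= 1.10.1, e.g. as test/session_cookie_test.exs, and run `mix test`.
defmodule SessionCookieTest do
  use ExUnit.Case, async: true
  import Plug.Test
  import Plug.Conn

  # Same shape as the options discussed above; key and salt are constructed.
  @session_options [
    store: :cookie,
    key: "_demo_key",
    signing_salt: "demo_salt",
    same_site: "Lax"
  ]

  # Builds a response that writes the session and returns its set-cookie header.
  defp session_cookie_header do
    opts = Plug.Session.init(@session_options)

    conn(:get, "/")
    # The cookie store needs a secret of at least 64 bytes (constructed here).
    |> Map.put(:secret_key_base, String.duplicate("x", 64))
    |> Plug.Session.call(opts)
    |> fetch_session()
    # The cookie is only written when the session has been modified.
    |> put_session(:uid, 1)
    |> send_resp(200, "ok")
    |> get_resp_header("set-cookie")
    |> Enum.find(&String.starts_with?(&1, "_demo_key="))
  end

  test "session cookie carries the configured SameSite attribute" do
    header = session_cookie_header()
    assert header, "no session cookie was written"

    # Attribute names are case-insensitive, so compare in lower case.
    attrs =
      header
      |> String.split(";")
      |> Enum.map(&(&1 |> String.trim() |> String.downcase()))

    assert "samesite=lax" in attrs
    assert "httponly" in attrs
  end
end
```

If the `samesite=lax` assertion fails while `httponly` passes, the header has the same shape as the one quoted above (`path=/; HttpOnly` only), which points at the Plug version actually resolved in `mix.lock` rather than at the session options.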