Phoenix application setting same_site does not seem to have an effect

I’m trying to set the SameSite attribute on the cookies sent to a client in a Phoenix application. Based on the results I found, I’m using the following code.

  @session_options [
    store: :cookie,
    key: "key",
    signing_salt: "slt",
    same_site: "Lax"
  ]

  plug Plug.Session, @session_options

However, this does not seem to set the SameSite attribute on the cookie coming down to the browser.

Hi,

It works on my side:

With the same in my Endpoint:

  @session_options [
    store: :cookie,
    # ...
    same_site: "Lax",
  ]

  # ...

  plug Plug.Session, @session_options

Which version of Plug are you using? You need Plug >= 1.10.1 (you can, for example, check the output of mix deps).

v1.10.1 (2020-05-15)

  • [Plug.Conn] Support :same_site option when writing cookies

(which is already quite old)
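
One way to check this inside the project rather than in the browser, as an added example that is not part of the original posts: an ExUnit test that runs `Plug.Session` with `same_site` and inspects the resulting `set-cookie` header. The module name, cookie key, salt and secret are constructed for the test.

```elixir
defmodule SessionCookieSameSiteTest do
  use ExUnit.Case, async: true
  import Plug.Test
  import Plug.Conn

  # Constructed values for this test only; substitute your endpoint's options.
  @secret String.duplicate("x", 64)
  @session_options [store: :cookie, key: "_demo_key", signing_salt: "demo_salt", same_site: "Lax"]

  # Run a request through Plug.Session, write to the session so the cookie
  # is emitted, and return the raw set-cookie header for the session key.
  defp session_set_cookie(opts) do
    conn(:get, "/")
    |> Map.put(:secret_key_base, @secret)
    |> Plug.Session.call(Plug.Session.init(opts))
    |> fetch_session()
    |> put_session(:uid, 1)
    |> send_resp(200, "ok")
    |> get_resp_header("set-cookie")
    |> Enum.find(&String.starts_with?(&1, opts[:key] <> "="))
  end

  # Split "name=value; path=/; HttpOnly; SameSite=Lax" into a map of
  # lowercased attribute names; flag attributes map to true.
  defp attributes(set_cookie) do
    [_name_value | attrs] = String.split(set_cookie, ";")

    Map.new(attrs, fn attr ->
      case String.split(String.trim(attr), "=", parts: 2) do
        [k, v] -> {String.downcase(k), v}
        [k] -> {String.downcase(k), true}
      end
    end)
  end

  test "session cookie carries the configured SameSite attribute" do
    header = session_set_cookie(@session_options)
    assert header, "no session cookie was written"
    assert attributes(header)["samesite"] == "Lax"
    assert attributes(header)["httponly"] == true
  end

  test "without :same_site no SameSite attribute is emitted" do
    header = session_set_cookie(Keyword.delete(@session_options, :same_site))
    refute Map.has_key?(attributes(header), "samesite")
  end
end
```

Place it under `test/` and run `mix test`; if the first test fails, check the resolved Plug version in the output of `mix deps` as described above.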

I’m actually using

{:plug_cowboy, "~> 2.5"}

Did you find a solution?
My session cookie response header looks like this:

set-cookie: QkP2sE5XTAXz1ZTeFBkbHpZePsFRkg+Vw68lNMIOALmMHaGztVPu5DGMFh6UrXxF=SFMyNTY.g3QAAAACbQAAAAtfY3NyZl90b2tlbm0AAAAYTkJJU0Z0WmlBMFNsaUNHNVA3cTBCVjVqbQAAAAN1aWRkAANuaWw.UcnBA4UmEQwyMQQKyEK5XBdfMq6fjqhgzo4L-H_ZM4I; path=/; HttpOnly

My session_options are configured like this: same_site: "Strict".