Why am I getting "Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute"?

cookies express-session
Squirrl picture Squirrl · Aug 5, 2020 · Viewed 9k times · Source

In a Chrome warning it says "Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use." How do I do this correctly using express-session?

app.use(
  cors({
    credentials: true,
    origin: ["http://localhost:3000", "https://elated-jackson-28b73e.netlify.app"] //Swap this with the client url 
  })
);
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
  sess.cookie.sameSite = 'none'
}

app.use(session(sess))

Answer

Related questions

Get cookie with react

I need to know if my user is connected or not. For that I want to read the cookies that I set in the server side with express-session : app.post('/connect_user', (req, res) => { req.session.cookie.username = …

Read More
node express, how to clear cookie after log out

Basically i'm doing redirect from a.example.com to www.example.com and i expect to be able to delete cookies on www.example.com (because cookie is created with .example.com as the cookie domain), but following code doesn't …

Read More
How do I set/unset a cookie with jQuery?

How do I set and unset a cookie using jQuery, for example create a cookie named test and set the value to 1?

Read More