Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Secure flag is ignored #181

Open
hk-skit opened this issue Jun 18, 2024 · 0 comments
Open

Secure flag is ignored #181

hk-skit opened this issue Jun 18, 2024 · 0 comments

Comments

@hk-skit
Copy link

hk-skit commented Jun 18, 2024
edited
Loading

I have following setup for cookie session middleware in my express app:

app.use(
  cookieSession({
    name: '__session',
    keys: [env.COOKIE_SIGNING_SECRET],
    maxAge: COOKIE_MAX_AGE,
    sameSite: 'none',
    httpOnly: true,
    secure: false,
    signed: true,
  })
);

When a request is made from client, the response doesn't have Secure attribute in Set Cookie header. Please refer to attached screenshot for more details.

image

Because of the missing Secure attribute chrome doesn't store the cookie. It works fine in Safari and Firefox. How do i set the value of secure attribute?

Thanks.
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hk-skit