Open websocket98765 opened 2 years ago
Possible solution would be to have add something like this to the config:
cookie: {
maxAge: 1234, // jwtExpires and cookie probably should be set the same automatically
sameSite: 'Strict', // 'Lax' is the browser default if unspecified according to Mozilla link above
secure: dev ? false : true // defaults to false; dev would use `dev ? true : false` as the value most likely.
}
Relevant line in sk-auth: https://github.com/Dan6erbond/sk-auth/blob/4bf8cc9fa025df6e75505142f1aa7be67cdca139/src/auth.ts#L133
Maybe also relevant? Do JWT and cookie need to be set to the same expiration? https://github.com/Dan6erbond/sk-auth/blob/4bf8cc9fa025df6e75505142f1aa7be67cdca139/src/auth.ts#L100