coreos / go-oidc

A Go OpenID Connect client.
Apache License 2.0

Setting SameSite on the session cookie? #398

Open eliben opened 1 year ago

eliben commented 1 year ago

The userinfo example stores state in a cookie but doesn't set a SameSite attribute on the cookie.

Is there a reason not to do so for better security?
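One way to set the attribute the question asks about, as an added example that is not code from go-oidc or from this thread. The helper name `setStateCookie`, the `formPost` flag, the cookie name and the URLs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// setStateCookie is a hypothetical helper, not part of go-oidc. It stores the
// OAuth2 state value in a short-lived cookie with an explicit SameSite attribute.
func setStateCookie(w http.ResponseWriter, r *http.Request, value string, formPost bool) {
	c := &http.Cookie{
		Name:     "state",
		Value:    value,
		Path:     "/",
		MaxAge:   int(time.Hour.Seconds()),
		Secure:   r.TLS != nil,
		HttpOnly: true,
		// Lax: sent on the top-level GET redirect back from the provider,
		// withheld from cross-site subrequests and cross-site POSTs.
		SameSite: http.SameSiteLaxMode,
	}
	if formPost {
		// Assumption: the provider returns via response_mode=form_post, a
		// cross-site POST. Lax cookies are not sent on that request, so the
		// cookie needs SameSite=None, which browsers accept only with Secure.
		c.SameSite = http.SameSiteNoneMode
		c.Secure = true
	}
	http.SetCookie(w, c)
}

// stateCookieHeader returns the Set-Cookie header the helper emits for a
// request to target (constructed URL) carrying a constructed state value.
func stateCookieHeader(target string, formPost bool) string {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, target, nil)
	setStateCookie(rec, req, "constructed-state-value", formPost)
	return rec.Header().Get("Set-Cookie")
}

func main() {
	fmt.Println(stateCookieHeader("https://app.example/login", false))
	fmt.Println(stateCookieHeader("https://app.example/login", true))
}
```

`SameSite=Strict` is left out on purpose: the redirect back from the provider is a cross-site navigation, so a Strict cookie would not accompany the callback and the state comparison would fail.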