coreos / go-oidc

A Go OpenID Connect client.
Apache License 2.0

Setting SameSite on the session cookie? #398

Open eliben opened 10 months ago

eliben commented 10 months ago

The userinfo example stores state in a cookie but doesn't set a SameSite attribute on the cookie.

Is there a reason not to do so for better security?
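An added example for the question above, not code from go-oidc or its userinfo example: a state cookie that sets SameSite, together with the callback check that reads it back. The cookie name `state`, the helper names and the `formPost` switch are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// setStateCookie stores the OAuth2 state value for the duration of the login.
// Lax is enough for the usual flow: the provider returns the user with a
// top-level GET redirect, which still carries Lax cookies. Strict would drop
// the cookie on that cross-site redirect. A form_post callback is a cross-site
// POST, so it needs SameSite=None, which browsers only accept with Secure.
func setStateCookie(w http.ResponseWriter, r *http.Request, value string, formPost bool) {
	c := &http.Cookie{
		Name:     "state", // hypothetical cookie name
		Value:    value,
		Path:     "/",
		MaxAge:   int(time.Hour.Seconds()),
		Secure:   r.TLS != nil,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	}
	if formPost {
		c.SameSite = http.SameSiteNoneMode
		c.Secure = true
	}
	http.SetCookie(w, c)
}

// stateMatches reports whether the callback's state parameter equals the cookie.
func stateMatches(r *http.Request) bool {
	c, err := r.Cookie("state")
	if err != nil || c.Value == "" {
		return false
	}
	got := r.FormValue("state")
	return subtle.ConstantTimeCompare([]byte(c.Value), []byte(got)) == 1
}

func main() {
	rec := httptest.NewRecorder()
	setStateCookie(rec, httptest.NewRequest("GET", "/", nil), "constructed-state", false)
	fmt.Println(rec.Header().Get("Set-Cookie"))
}
```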