Open Mai-Lapyst opened 1 week ago
There is a secure setter in the Cookie class
Cookie cookie("key", "value");
cookie.setSameSite(SameSite::kLax);
cookie.setSecure(true);
Edit: You mean Drogon's built-in sessions?
Yeah I believe you mean Drogon sessions, it's not available right now, we can work on adding it in the config with an entry called "session_secure"
Yeah, my bug report is for session cookies i.e. the cookies set to provoide functionality to HttpRequestPtr req; req->session();
, and activated by drogon::app().enableSession(24h, SameSite::kLax, "SOME_SESS_COOKIE");
.
Describe the bug There is no way of setting a session to secure.
To Reproduce
Lax
or anything other thanNone
Set-Cookie
headerExpected behavior That a session cookie is by default, or can be set, to have the
Secure
attribute.