fastify / fastify-secure-session

Create a secure stateless cookie session for Fastify
MIT License

Considering adding proprietary cookies good practices as Chrome makes big changes on cookies in 2024 #209

Open teotimepacreau opened 9 months ago

teotimepacreau commented 9 months ago

🚀 Feature Proposal

Third-party cookies won't be supported anymore in 2024, as Chrome said

Chrome recommends good practices even for proprietary cookies to ensure they continue to work for sessions, but for now these options are unsupported in fastify-secure-session:

Motivation

ensure session cookies for the plugin remain practicable

Example

```js
app.register(fastifySecureSession, {
    // Requested cookie attributes (the last two in Set-Cookie syntax):
    secure: true,
    // __Host-cookie-name=cookie-value
    // SameSite=Strict
    cookieName: 'session',
    key: readFileSync(join(rootDir, 'secret-key')),
    cookie: {
        path: '/',
    }
})
```

mcollina commented 9 months ago

Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.

Uzlopak commented 9 months ago

If somebody wants to implement this feature request, he/she should orientate himself/herself on the following PR of @fastify/session.

https://github.com/fastify/session/pull/226