mozilla / node-client-sessions

secure sessions stored in cookies
Mozilla Public License 2.0

SameSite support #143

Open xacx opened 4 years ago

xacx commented 4 years ago

Are there plans for sameSite support for Chrome 80, or is it already supported?

xacx commented 4 years ago

sameSite=none is not supported until package.json is updated. Temporary workaround available is:

```sh
cd node_modules/client-sessions
npm install cookies@0.8.0
```

jcheng5 commented 4 years ago

This is pretty important now :grimacing:

drc-tjuszczyk commented 4 years ago

@jcheng5 @xacx Can anyone still confirm that the cookies update is the only thing needed?

jcheng5 commented 4 years ago

Yep--#142 works for me. (You do need to include cookie: {sameSite: "none"} in your session() options if you want that to be set, in case that wasn't obvious)

drc-tjuszczyk commented 4 years ago

The documentation just says it's "true" by default or something, so no, it was not obvious lol. Thank you!

jcheng5 commented 4 years ago

I mean, that's assuming that you do want your cookies to have SameSite=None. And if you do, you probably also need to use https://www.npmjs.com/package/should-send-same-site-none.
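
The User-Agent check referred to in the comment above, as an added example (not code from this thread, from client-sessions, or from the should-send-same-site-none package). The rules follow the Chromium project's published list of clients that mishandle `SameSite=None`; the function names are hypothetical, and `secure: true` is set because browsers enforcing the new policy reject `SameSite=None` cookies that lack `Secure`.

```javascript
// Added example: decide per request whether SameSite=None is safe to send.
function chromiumMajor(ua) {
  const m = /Chrom(?:e|ium)\/(\d+)/.exec(ua);
  return m ? Number(m[1]) : null;
}

// Chrome/Chromium 51-66 and UC Browser < 12.13.2 drop cookies carrying SameSite=None.
function dropsSameSiteNone(ua) {
  const uc = /UCBrowser\/(\d+)\.(\d+)\.(\d+)/.exec(ua);
  if (uc) {
    const [maj, min, build] = uc.slice(1).map(Number);
    if (maj !== 12) return maj < 12;
    if (min !== 13) return min < 13;
    return build < 2;
  }
  const v = chromiumMajor(ua);
  return v !== null && v >= 51 && v <= 66;
}

// iOS 12 browsers and Safari / embedded WebKit on macOS 10.14 treat None as Strict.
function treatsNoneAsStrict(ua) {
  const ios = /\(iP.+; CPU .*OS (\d+)[_\d]*.*\) AppleWebKit\//.exec(ua);
  if (ios && ios[1] === '12') return true;
  const mac = /\(Macintosh;.*Mac OS X (\d+)_(\d+)[_\d]*.*\) AppleWebKit\//.exec(ua);
  if (!mac || mac[1] !== '10' || mac[2] !== '14') return false;
  const safari = /Version\/.* Safari\//.test(ua) && chromiumMajor(ua) === null;
  const embedded = /AppleWebKit\/[.\d]+ \(KHTML, like Gecko\)$/.test(ua);
  return safari || embedded;
}

function canSendSameSiteNone(ua) {
  return !(dropsSameSiteNone(ua) || treatsNoneAsStrict(ua));
}

// Hypothetical helper: builds the `cookie` options mentioned in the thread,
// leaving sameSite out for clients that would drop or misread the cookie.
function sessionCookieOptions(userAgent) {
  const opts = { httpOnly: true, secure: true };
  if (canSendSameSiteNone(userAgent || '')) opts.sameSite = 'none';
  return opts;
}
```

Because the result depends on the request's User-Agent, the options have to be chosen per request rather than once at startup.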

xacx commented 4 years ago

FYI, Chrome has rolled back the change https://blog.chromium.org/2020/04/temporarily-rolling-back-samesite.html

vit100 commented 4 years ago

My buddy forked this repo and updated packages.json. If interested here it is: https://github.com/nvanexan/node-client-sessions

and here is npm package: @nvanexan/node-client-sessions