I want the passport cookies to be sent with sameSite='none' and secure=true to bypass the sameSite restrictions enforced by the recent Chrome update. But when I set the sameSite and secure options in express-session or cookie-session, req.session no longer persists the passport state. And req.user is also no longer set.
The passport works on localhost when sameSite and secure are not set. But fails when I deploy the front end and back end to Heroku. I know Heroku deploys to https secured websites, which is one possible reason for this issue.
Does anyone know what I can do to get around this? I just want to deploy an app with Google authentication but this sameSite restriction is really messing up my production deploy.
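An added example, not part of the original post: a dependency-free model of two checks that a `SameSite=None; Secure` session cookie has to pass when the app runs behind a TLS-terminating proxy, which is one documented reason a session can fail to persist in that setup. The function names, the request shape and the cookie value are assumptions made for illustration; in Express the corresponding setting is `app.set('trust proxy', 1)`.

```javascript
// Simplified model (an assumption, not express-session's source code) of two
// documented checks a SameSite=None; Secure session cookie must pass.

// Server side: a Secure cookie is only emitted when the request is seen as
// HTTPS. Behind a TLS-terminating proxy the app receives plain HTTP, so the
// scheme comes from X-Forwarded-Proto, and only when the proxy is trusted.
function requestIsSecure(req, trustProxy) {
  if (req.encrypted) return true;   // direct TLS connection to the app
  if (!trustProxy) return false;    // forwarded headers are ignored
  const proto = (req.headers['x-forwarded-proto'] || '').split(',')[0];
  return proto.trim().toLowerCase() === 'https';
}

// Returns the Set-Cookie value, or null when the cookie is withheld.
function serverSetCookie(req, cookieOpts, trustProxy) {
  if (cookieOpts.secure && !requestIsSecure(req, trustProxy)) return null;
  const parts = ['sid=constructed-value', 'Path=/', 'HttpOnly'];
  if (cookieOpts.secure) parts.push('Secure');
  if (cookieOpts.sameSite) parts.push('SameSite=' + cookieOpts.sameSite);
  return parts.join('; ');
}

// Browser side: SameSite=None is rejected unless Secure is also present.
function browserAccepts(setCookie) {
  if (setCookie === null) return false;
  const attrs = setCookie.split('; ').map((a) => a.toLowerCase());
  const sameSiteNone = attrs.includes('samesite=none');
  return !sameSiteNone || attrs.includes('secure');
}

// The session survives only if the cookie is both sent and accepted.
function sessionPersists(req, cookieOpts, trustProxy) {
  return browserAccepts(serverSetCookie(req, cookieOpts, trustProxy));
}

// Constructed request, as the app sees it behind a TLS-terminating proxy.
const proxiedReq = { encrypted: false, headers: { 'x-forwarded-proto': 'https' } };
const opts = { secure: true, sameSite: 'none' };

console.log(sessionPersists(proxiedReq, opts, false));                // false
console.log(sessionPersists(proxiedReq, opts, true));                 // true
console.log(sessionPersists(proxiedReq, { sameSite: 'none' }, true)); // false
```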