I have built a small web-app based on Prologue that is integrated with a legacy site in an iframe. The iframe "drops" the sessions since the sameSite is set to Lax, and if it's set to None, the secure flag must be set as well, which is impossible without exposing that parameter to the session init caller.
Running with these changes and an associated modification to the cookiejar package allows the web application to function as expected within an iframe.
I have built a small web-app based on Prologue that is integrated with a legacy site in an iframe. The iframe "drops" the sessions since the sameSite is set to Lax, and if it's set to None, the secure flag must be set as well, which is impossible without exposing that parameter to the session init caller.
Running with these changes and an associated modification to the cookiejar package allows the web application to function as expected within an iframe.