fix: use same site lax mode to allow setting cooking on redirect

author: mo khan <mo@mokhan.ca> 2025-05-07 10:55:44 -0700
committer: mo khan <mo@mokhan.ca> 2025-05-07 10:55:44 -0700
commit: 33cbe7654c9e04a9e176c246ae66c7b1e15100cb (patch)
tree: f9c5d530ac1ec72349c279b6019bff2ff34bf6fb /app/controllers/sessions
parent: 15c72d0fa5b973cdef599b5d8563606e321efd54 (diff)
2 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go
index 77a30fd..5681f65 100644
--- a/app/controllers/sessions/controller.go
+++ b/app/controllers/sessions/controller.go
@@ -139,7 +139,12 @@ func (c *Controller) Create(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	cookie.Write(w, web.NewCookie("session", encoded, cookie.WithExpiration(tokens.Expiry)))
+	cookie.Write(w, web.NewCookie(
+		"session",
+		encoded,
+		cookie.WithExpiration(tokens.Expiry),
+		cookie.WithSameSite(http.SameSiteLaxMode),
+	))
 	http.Redirect(w, r, "/dashboard", http.StatusFound)
 }
 
diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go
index a1158da..43cd0b9 100644
--- a/app/controllers/sessions/controller_test.go
+++ b/app/controllers/sessions/controller_test.go
@@ -156,7 +156,7 @@ func TestSessions(t *testing.T) {
 				assert.Equal(t, "/", cookie.Path)
 				assert.Equal(t, "localhost", cookie.Domain)
 				assert.Equal(t, "session", cookie.Name)
-				assert.Zero(t, cookie.SameSite)
+				assert.Equal(t, http.SameSiteLaxMode, cookie.SameSite)
 				assert.Equal(t, x.Must(time.Parse(time.RFC3339, tokens["expiry"].(string))).Unix(), cookie.Expires.Unix())
 				assert.True(t, cookie.HttpOnly)
 				assert.True(t, cookie.Secure)
author	mo khan <mo@mokhan.ca>	2025-05-07 10:55:44 -0700
committer	mo khan <mo@mokhan.ca>	2025-05-07 10:55:44 -0700
commit	33cbe7654c9e04a9e176c246ae66c7b1e15100cb (patch)
tree	f9c5d530ac1ec72349c279b6019bff2ff34bf6fb /app/controllers/sessions
parent	15c72d0fa5b973cdef599b5d8563606e321efd54 (diff)