How do I use cookies in express session - connect.sid will soon be rejected

Question

So in my app.js file I have this: app.use(session({secret: 'mySecret', resave: false, saveUninitialized: false}));

This works fine but comes up with a warning:

Cookie “connect.sid” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To learn more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies

Then it will randomly stop working. If I change session to this: app.use(session({secret: 'mySecret', resave: false, saveUninitialized: false, sameSite: true, cookie: {secure: true}}));it becomes undefined.

I am trying to save 2 different id's: req.session.qrID and req.session.visitID;

It is used in a number of post requests. What can I do to make this work?

Answer 1

I've just googled this warning i saw in the console and got here LOL. It's actually related to express session cookie cross site policy that is set, more info here under cookie.sameSite http://expressjs.com/en/resources/middleware/session.html

I got rid of mine by setting it to strict but you can also set it to none if you want

app.use(
session({
    secret: process.env.SESSION_SECRET!,
    resave: false,
    saveUninitialized: false,
    cookie: { sameSite: 'strict' },
  }),
);