Why isn't express-session (SameSite attribute) working on Chrome?

I am developing a web app with Express.js and React.js. I am using express-session but it is not working. This is how I am using it:

const session = require('express-session');
const MongoStore = require('connect-mongo')(session);
const mongoose = require('mongoose');

app.use(session({
  store: new MongoStore({
    mongooseConnection: mongoose.connection,
    ttl: 365 * 24 * 60 * 60 // session lifetime in the store, in seconds
  }),
  secret: process.env.SESSION_SECRET,
  resave: true,
  saveUninitialized: false,
  cookie: {
    maxAge: 24 * 60 * 60 * 1000, // cookie lifetime, in milliseconds
    httpOnly: true,
    secure: false,
    SameSite: 'strict', // as posted; note express-session reads this option as `sameSite`
  }
}));

I tried "secure" set to true, false, auto, and all possible combinations, and always got the same Chrome issue:

In a future version of the browser, cookies marked with SameSite=None must also be marked with Secure to allow setting them in a cross-site context. This behavior protects user data from being sent over an insecure connection. Resolve this issue by updating the attributes of the cookie: Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute. Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests

Does anyone know how to solve it?

Thank you very much.

Nicolas Urman asked Dec 14 '22 08:12


2 Answers

SameSite: 'strict' is the issue! The first 'S' should be lowercase in JavaScript: sameSite: 'strict'.

Also, if that doesn't solve your problem, could it be that it's not actually a same-site request and you need to change it to sameSite: 'none'? I could be wrong, I don't know anything other than what you shared, but just wanted to throw that out just in case!

ezg answered Dec 15 '22 23:12
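To make the point above concrete, here is a small check added as an example (it is not code from the question or either answer). It mimics two behaviours of the serializer express-session uses: option keys are case-sensitive and unknown keys are silently dropped, and, following the Chrome message quoted in the question, SameSite=None is only accepted together with Secure. The function names serializeAttrs and lintSessionCookie are my own.

```javascript
// Option keys the cookie serializer actually recognises (assumed subset).
const KNOWN = new Set(['maxAge', 'httpOnly', 'secure', 'sameSite', 'path', 'domain', 'expires']);

// Render the attribute part of the Set-Cookie header the way the serializer
// would: only the lowercase `sameSite` key is honoured, `SameSite` is ignored.
function serializeAttrs(opts) {
  const parts = [];
  if (typeof opts.maxAge === 'number') parts.push('Max-Age=' + Math.floor(opts.maxAge / 1000));
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  if (opts.sameSite) {
    const v = String(opts.sameSite).toLowerCase();
    if (v === 'strict') parts.push('SameSite=Strict');
    else if (v === 'lax') parts.push('SameSite=Lax');
    else if (v === 'none') parts.push('SameSite=None');
  }
  return parts.join('; ');
}

// Return the problems a reviewer (or Chrome) would flag for a cookie config.
function lintSessionCookie(opts) {
  const problems = [];
  for (const key of Object.keys(opts)) {
    if (KNOWN.has(key)) continue;
    const fixed = key.charAt(0).toLowerCase() + key.slice(1);
    const hint = KNOWN.has(fixed) ? ` (did you mean "${fixed}"?)` : '';
    problems.push(`unknown option "${key}" is ignored${hint}`);
  }
  const sameSite = opts.sameSite ? String(opts.sameSite).toLowerCase() : undefined;
  if (sameSite === 'none' && !opts.secure) {
    problems.push('SameSite=None requires secure: true; Chrome rejects the cookie otherwise');
  }
  if (sameSite === undefined) {
    problems.push('no SameSite attribute is emitted; Chrome treats the cookie as Lax by default');
  }
  return problems;
}

// Constructed sample: the cookie block from the question, as posted.
const asPosted = { maxAge: 24 * 60 * 60 * 1000, httpOnly: true, secure: false, SameSite: 'strict' };
console.log(serializeAttrs(asPosted)); // no SameSite attribute at all
console.log(lintSessionCookie(asPosted));
```

Run it against your own cookie options before deploying; an empty list from lintSessionCookie means the attributes Chrome sees match what you intended.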


Here is an example with session and MongoStore:

const session = require('express-session');
const MongoStore = require("connect-mongo")(session);
const mongoose = require('mongoose');

module.exports = session({
  secret: 'SuperSecret - (Change it)', // set this from an environment variable
  resave: false,
  saveUninitialized: true,
  cookie: {
    secure: true,
    httpOnly: true,
    sameSite: 'none',
    maxAge: 60 * 60 * 24 * 1000
  },
  store: new MongoStore({
    mongooseConnection: mongoose.connection,
    ttl: 24 * 60 * 60
  })
});
ValRob answered Dec 15 '22 22:12