Rack::Session::Cookie example please

Open megazoic opened this issue 5 years ago • 2 comments
Firefox (76.0.1) gives me this error: "Cookie “rack.session” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute." when I set up my config.ru with...

use Rack::Session::Cookie,
        :key          => 'rack.session', 
        :httponly     => true,
        :same_site    => :strict,
        :path         => '/',
        :expire_after => 86400,
        :secret       => ENV.fetch('SESSION_SECRET')

I'm not finding any substantive hits on a Google search. Thanks for what you guys are doing!

megazoic avatar May 14 '20 18:05 megazoic

I'm not super familiar with Rails, but looking around, your configuration does look correct - as in, I would expect this to add SameSite=Strict to your Set-Cookie header. Can you check DevTools to see what attributes are set on the cookie? Can you also confirm the version of Rails that you are using? For example, support for SameSite=None was added somewhere around version 6.

rowan-m avatar May 15 '20 09:05 rowan-m

Thanks Rowan, and sorry for the delay in responding. It looks like, as you said, the cookie is set for samesite strict. Not sure why Firefox is giving me this error in the console. My application is not Rails but Ruby Sinatra running on Rack. I'll look into bringing this up on a Mozilla forum.

megazoic avatar May 19 '20 21:05 megazoic
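
The attribute check suggested in the thread can also be done outside DevTools. The following is an added example, not part of the original issue or the samesite-examples project: it parses a Set-Cookie header value and reports the condition worded in the Firefox message (SameSite set to None or an invalid value without Secure) along with missing Secure and HttpOnly flags. The helper names and sample headers are constructed, and the check follows the wording of the console message rather than Firefox's actual implementation.

```ruby
# Added example: names and sample headers are constructed for illustration.
VALID_SAMESITE = %w[strict lax none].freeze

# Split one Set-Cookie value into its attributes (names lower-cased;
# flag attributes such as Secure and HttpOnly map to true).
def parse_set_cookie(header)
  pair, *rest = header.split(';').map(&:strip)
  name, value = pair.to_s.split('=', 2)
  attrs = rest.reject(&:empty?).each_with_object({}) do |attr, h|
    k, v = attr.split('=', 2)
    h[k.strip.downcase] = v.nil? ? true : v.strip
  end
  { name: name, value: value, attrs: attrs }
end

# Return the findings for one header. :none_or_invalid_without_secure is the
# condition as worded in the Firefox console message quoted in the issue.
def audit_set_cookie(header)
  attrs = parse_set_cookie(header)[:attrs]
  same_site = attrs['samesite']
  secure = attrs.key?('secure')
  findings = []
  if same_site.nil?
    findings << :samesite_missing
  else
    value = same_site == true ? '' : same_site.downcase
    valid = VALID_SAMESITE.include?(value)
    findings << :samesite_invalid unless valid
    findings << :none_or_invalid_without_secure if (value == 'none' || !valid) && !secure
  end
  findings << :secure_missing unless secure
  findings << :httponly_missing unless attrs.key?('httponly')
  findings
end

# Constructed sample headers (not captured from the reporter's application).
SAMPLES = [
  'rack.session=abc123; path=/; HttpOnly; SameSite=Strict',
  'rack.session=abc123; path=/; HttpOnly; SameSite=None',
  'rack.session=abc123; path=/; Secure; HttpOnly; SameSite=Strict'
].freeze

SAMPLES.each { |h| puts "#{audit_set_cookie(h).inspect}  <- #{h}" }
```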