using POST request will require lax session handling

[BooVeMan]

Using the this strategy in conjunction with omniauth 2.0 will fail wehen using the recommended POST request towards twitter as the session will be lost when returning to the callback (e.g. session["oauth"]will be nil). The only way I found to fix this is to set the same_site policy to :lax. I do this by hooking into the before_request_phase callback:

OmniAuth.config.before_request_phase do |env|
  # twitter using post will require lax session handling
  if env["omniauth.strategy"]&.name == "twitter"
    env["rack.session"].instance_variable_get(:@by).instance_variable_set(:@same_site, :lax)
  end
end

and resetting it in the callback:

    def twitter
      # reset to strict session handling
      session.instance_variable_get(:@by).instance_variable_set(:@same_site, :strict)
      ... handle callback ...
    end

this seems very brittle and hackish, any other solution?