Not able to override current connect.sid with samesite: none without losing session
Currently, I have connect.sid with no samesite value, and I want to override it with samesite as none without losing the session.
```js
let cookieObj = {
  maxAge: 180000,
  expires: new Date(new Date().getTime() + 180000),
  secure: true
};

app.use(session({
  cookie: cookieObj,
  secret: 'abcdefght',
  resave: true,
  rolling: true,
  saveUninitialized: true,
  store: new redisStore({ client: client }) // redis client
}));
```
This is my current session manager. In cookieObj I have now added sameSite:
```js
let cookieObj = {
  maxAge: 180000,
  expires: new Date(new Date().getTime() + 180000),
  secure: true,
  sameSite: "none"
};
```
This is not updating the current cookie; for new sessions it is working properly. I tried updating the cookie with res.cookie() and a new object from the * route. It's updating the cookie, but after redirecting from the payment page the session is getting removed.
Help me to update the current cookie without losing the session.
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:5 (4 by maintainers)
Top GitHub Comments
The unfortunate part is that it is too late to fix your existing sessions, AFAIK. Because all those cookies that were from before users who upgraded to Chrome 80 won’t have the change, and so Chrome will not send them back to the server here for this module to even “fix” them after the fact… if Chrome does not send the cookie, this module doesn’t know the session ID in order to provide an updated cookie.
I have looked into how the Chrome 80 change would impact you.
For pre-existing users that default to the sameSite lax, it looks like the cookie will not be sent to your third party. This would result in the symptoms you describe. This is not a common change you are encountering and I do not expect you to have to do so again. Alas, it does look like the sameSite setting will remain unset until a new cookie is dropped and you lose session.
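The browser behaviour described in the comments above, as an added example that is not code from the issue or from express-session: a simplified model of when Chrome 80+ attaches a `connect.sid` cookie to a request. It assumes the payment provider returns the user with a cross-site top-level POST; the cookie values, request objects and function names are constructed for illustration.

```javascript
// Added example: simplified model of Chrome 80+ SameSite rules, constructed inputs.
// Not modelled: Chrome's temporary "Lax+POST" allowance for very recent cookies.
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];

// Parse a Set-Cookie header value into the attributes that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    if (key.toLowerCase() === 'secure') cookie.secure = true;
    if (key.toLowerCase() === 'samesite') cookie.sameSite = val.toLowerCase();
  }
  return cookie;
}

// SameSite=None is only stored when the cookie is also Secure.
function browserAccepts(cookie) {
  return !(cookie.sameSite === 'none' && !cookie.secure);
}

// req: { crossSite, topLevelNavigation, method }
function browserSends(cookie, req) {
  if (!browserAccepts(cookie)) return false;
  if (!req.crossSite) return true;
  const policy = cookie.sameSite || 'lax'; // no attribute is treated as Lax
  if (policy === 'none') return true;
  if (policy === 'lax') return req.topLevelNavigation && SAFE_METHODS.includes(req.method.toUpperCase());
  return false; // strict: never sent cross-site
}

// What the session middleware can read from the request: the ID or nothing.
function sessionIdSeenByServer(cookie, req) {
  return browserSends(cookie, req) ? decodeURIComponent(cookie.value) : null;
}

// Constructed cookies: one issued before the change, one issued after it.
const legacy = parseSetCookie('connect.sid=s%3Aold-id.sig; Path=/; HttpOnly; Secure');
const updated = parseSetCookie('connect.sid=s%3Anew-id.sig; Path=/; HttpOnly; Secure; SameSite=None');
// Assumption: the payment provider returns the user with a cross-site POST.
const paymentReturn = { crossSite: true, topLevelNavigation: true, method: 'POST' };
const ownPage = { crossSite: false, topLevelNavigation: true, method: 'GET' };

console.log('legacy, own page       :', sessionIdSeenByServer(legacy, ownPage));
console.log('legacy, payment return :', sessionIdSeenByServer(legacy, paymentReturn));
console.log('updated, payment return:', sessionIdSeenByServer(updated, paymentReturn));
```

In this model the cookie issued without SameSite is withheld on the cross-site return, so the server receives no session ID on that request, while the cookie issued with `SameSite=None; Secure` is attached.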