Set SameSite directive for auth_token cookie

seek4science · Jan 22, 2025 · 35acf70 · 35acf70
1 parent 3346780
commit 35acf70
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -99,7 +99,7 @@ def successful_login(notice = nil)
     flash[:notice] = notice || "You have successfully logged in, #{@user.display_name}."
     if params[:remember_me] == 'on'
       @user.remember_me unless @user.remember_token?
-      cookies[:auth_token] = { value: @user.remember_token, expires: @user.remember_token_expires_at }
+      cookies[:auth_token] = { value: @user.remember_token, expires: @user.remember_token_expires_at, same_site: :strict }
     end
     respond_to do |format|
       return_to_path = determine_return_path_after_login