Hi, after migrating some application with activerecord-session_store from Rails 6.1.7 to 7.1.3.4, the SameSite attribute is missing in cookies:
```
curl -v http://localhost:3000
...
< set-cookie: _cta_session=9f0ec74db42eb11e0434f81fc257c348; path=/; httponly
...
```
I was expecting "SameSite=Lax" which is the default for Rails applications according to https://guides.rubyonrails.org/configuring.html#config-action-dispatch-cookies-same-site-protection:
```
< set-cookie: _cta_session=9f0ec74db42eb11e0434f81fc257c348; path=/; httponly; SameSite=Lax
```
It's the same issue with versions 2.0.0 and 2.1.0 of activerecord-session_store, and it's working with https://api.rubyonrails.org/classes/ActionDispatch/Session/CookieStore.html.
Steps to reproduce:
```
rails new cookies_test_app
cd cookies_test_app
rails generate controller Some

# app/controllers/some_controller.rb:
class SomeController < ApplicationController
  def index
    session[:something] = true
    render plain: "hi there"
  end
end

# add to config/routes.rb:
root "some#index"

# add to Gemfile:
gem 'activerecord-session_store'

# execute migrations
rails db:migrate

# config/session_store.rb:
CookiesTestApp::Application.config.session_store :active_record_store, key: '_cta_session', secure: Rails.env.production?
```
And then see "set-cookie" in the result of "curl -v http://localhost:3000".
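A regression guard for the behaviour reported above, as an added example that is not part of the original issue or of activerecord-session_store: a Rack middleware that finds `Set-Cookie` lines without a SameSite attribute, logs the cookie name only, and appends a default. The class name `SameSiteGuard`, its options and the sample cookie value are assumptions made for illustration; enforcing the attribute at the Rack layer is a stopgap, not a fix confirmed by the project.

```ruby
# Added example, not code from the issue or from activerecord-session_store.
# SameSiteGuard and its option names are hypothetical.
class SameSiteGuard
  HEADER_NAMES = ["set-cookie", "Set-Cookie"].freeze # Rack 3 / Rack 2 spelling
  SAME_SITE = /\A\s*samesite\s*(=|\z)/i

  def initialize(app, default: "Lax", logger: nil)
    @app = app
    @default = default
    @logger = logger
  end

  # Rack 3 passes an array of cookie lines, Rack 2 one newline-joined string.
  def self.lines(value)
    (value.is_a?(Array) ? value : value.to_s.split("\n")).reject { |l| l.strip.empty? }
  end

  # Attributes follow the first ";"; the name=value pair itself is skipped.
  def self.same_site?(line)
    line.split(";").drop(1).any? { |attr| attr.match?(SAME_SITE) }
  end

  # Cookie lines that a browser would receive without any SameSite attribute.
  def self.missing(value)
    lines(value).reject { |l| same_site?(l) }
  end

  def call(env)
    status, headers, body = @app.call(env)
    HEADER_NAMES.each do |name|
      raw = headers[name]
      next if raw.nil?
      fixed = self.class.lines(raw).map do |line|
        next line if self.class.same_site?(line)
        # Log the cookie name only, never the session id.
        @logger&.warn("Set-Cookie without SameSite: #{line[/\A[^=;]+/]}")
        "#{line}; SameSite=#{@default}"
      end
      headers[name] = raw.is_a?(Array) ? fixed : fixed.join("\n")
    end
    [status, headers, body]
  end
end

# Constructed sample: same shape as the header in the report, from a stub app.
SAMPLE_COOKIE = "_cta_session=abc123; path=/; httponly"
STUB_APP = ->(_env) { [200, { "set-cookie" => SAMPLE_COOKIE }, ["hi there"]] }
puts SameSiteGuard.new(STUB_APP).call({})[1]["set-cookie"]
```

`SameSiteGuard.missing` can also be called from an integration test on the response headers, so the missing attribute fails the build after a framework upgrade.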