From a0959cd10a765c0ff9c80afb8b80bb0c5fdc661d Mon Sep 17 00:00:00 2001
From: Joe Ardent
Date: Mon, 4 Mar 2024 14:18:49 -0800
Subject: [PATCH] setting the SameSite cookie policy to lax fixes the issue
---
 README.md | 6 ++++++
 src/bin/princess.rs | 1 +
 2 files changed, 7 insertions(+)
diff --git a/README.md b/README.md
index 5504fbb..ee7dec0 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,12 @@ inserted in the initial get of `/`, or a message indicating failure. To see it s
 and follow the buttons starting from http://localhost:4000/ again to the end.
+## UPDATE!
+
+The issue I was having, where an inbound request would cause the cookie to not be read until
+manually triggering a load, was due to the default setting of the `SameSite` cookie policy to
+"strict". Setting it to "lax" fixes the problem. See https://web.dev/articles/samesite-cookies-explained
+
 # Why is it called "princess"?
 Because it's the baby version of [Queenie](https://git.kittenclause.com/nebkor/queen), a small
diff --git a/src/bin/princess.rs b/src/bin/princess.rs
index e6ae2ca..9036524 100644
--- a/src/bin/princess.rs
+++ b/src/bin/princess.rs
@@ -21,6 +21,7 @@ async fn main() {
 let session_store = MemoryStore::default();
 let session_layer = SessionManagerLayer::new(session_store)
 .with_secure(false)
+ .with_same_site(tower_sessions::cookie::SameSite::Lax)
 .with_expiry(Expiry::OnInactivity(time::Duration::hours(2)));
 let app = Router::new()
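Review bot: The added `.with_same_site(tower_sessions::cookie::SameSite::Lax)` line in `src/bin/princess.rs` relaxes the session cookie from the "strict" default the README describes, and nothing at the call site records why or what it costs. With `Lax` the browser attaches the session cookie to top-level cross-site GET navigations, so any handler that changes session or server state on GET becomes reachable from another origin; state changes should stay on POST or carry a CSRF token. I would add a comment above the line such as `// Lax so the session cookie survives an inbound cross-site navigation; never mutate state in GET handlers`. The adjacent `.with_secure(false)` context line also lets the cookie travel over plain HTTP, which looks intended for the localhost demo but should not reach a deployed build. `main` starts and continues outside the hunk, so the route handlers could not be checked.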