setting the SameSite cookie policy to lax fixes the issue

This commit is contained in:
Joe Ardent 2024-03-04 14:18:49 -08:00
parent e18d38c76e
commit a0959cd10a
2 changed files with 7 additions and 0 deletions

View file

@ -19,6 +19,12 @@ inserted in the initial get of `/`, or a message indicating failure. To see it s
and follow the buttons starting from http://localhost:4000/ again to the end.
## UPDATE!
The issue I was having, where an inbound request would cause the cookie to not be read until
manually triggering a load, was due to the default setting of the `SameSite` cookie policy to
"strict". Setting it to "lax" fixes the problem. See https://web.dev/articles/samesite-cookies-explained
# Why is it called "princess"?
Because it's the baby version of [Queenie](https://git.kittenclause.com/nebkor/queen), a small

View file

@ -21,6 +21,7 @@ async fn main() {
let session_store = MemoryStore::default();
let session_layer = SessionManagerLayer::new(session_store)
.with_secure(false)
.with_same_site(tower_sessions::cookie::SameSite::Lax)
.with_expiry(Expiry::OnInactivity(time::Duration::hours(2)));
let app = Router::new()