Merge pull request #206 from UWB-ACM/change-cookie-samesite

UWB-ACM-OFFICIAL · web-flow · commit e314c756a85a · 2025-05-24T15:24:17.000-07:00
Fix google auth
diff --git a/src/util/session.ts b/src/util/session.ts
@@ -110,7 +110,10 @@ export async function ensureSession(req: NextRequest, res: NextResponse) {
         httpOnly: true,
         // Development isn't a secure context.
         secure: process.env.NODE_ENV !== "development",
-        sameSite: "strict",
+        // Not strict because the session may be used to
+        // generate first load HTML, and to enable auth
+        // with OAuth2 redirects.
+        sameSite: "lax",
     });
 
     // Also set the request header so that any server
