From 5e97ecd260f7cd7316622dc9d3d86903e64d630a Mon Sep 17 00:00:00 2001
From: DingDongSoLong4 <99329275+DingDongSoLong4@users.noreply.github.com>
Date: Mon, 19 Sep 2022 06:56:05 +0200
Subject: [PATCH] Set explicit SameSite=Lax on session cookie (#2926)

---
 pkg/session/session.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/session/session.go b/pkg/session/session.go
index 7fc1b7f27..76a0c0520 100644
--- a/pkg/session/session.go
+++ b/pkg/session/session.go
@@ -49,6 +49,7 @@ func NewStore(c SessionConfig) *Store {
 	}
 
 	ret.sessionStore.MaxAge(c.GetMaxSessionAge())
+	ret.sessionStore.Options.SameSite = http.SameSiteLaxMode
 
 	return ret
 }