Appease some Chrome cookie-related warnings.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3854 ed5197a5-7fde-0310-b194-c3ffbd925b24
2022-03-07 18:39:52 +00:00
parent 3381b588a1
commit cb315c717b
1 changed files with 2 additions and 2 deletions
--- a/core/auth.js
+++ b/core/auth.js
@@ -114,7 +114,7 @@ function authHandler(request, response) {
 			}
 		}

-		var cookie = "session=" + session + "; path=/; Max-Age=604800";
+		var cookie = "session=" + session + "; path=/; Max-Age=604800; Secure; SameSite=Strict";
 		var entry = readSession(session);
 		if (entry && formData.return) {
 			response.writeHead(303, {"Location": formData.return, "Set-Cookie": cookie});
@@ -165,7 +165,7 @@ function authHandler(request, response) {
 		}
 	} else if (request.uri == "/login/logout") {
 		removeSession(session);
-		response.writeHead(303, {"Set-Cookie": "session=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT", "Location": "/login" + (request.query ? "?" + request.query : "")});
+		response.writeHead(303, {"Set-Cookie": "session=; path=/; secure; SameSite=Strict; expires=Thu, 01 Jan 1970 00:00:00 GMT", "Location": "/login" + (request.query ? "?" + request.query : "")});
 		response.end();
 	} else {
 		response.writeHead(200, {"Content-Type": "text/plain; charset=utf-8", "Connection": "close"});