DisableSubdomainPersistence option:

Cookie Options at the sess.Handler(...CookieOption) method too.

The SameSite option should be set to http.SameSiteLaxMode and its Domain field to the current site domain in order to enable cookie sharing under a root domain and its subdomains. You can do it by setting the CookieAllowSubdomains Cookie Option to the Iris request Context:

AddCookieOptions.

The iris.CookieEncoding option registers a SecureCookie implementation.

The SecureCookie interface looks like this:

The SecureCookie interface is 100% compatible with the gorilla/securecookie package, which is simple, easy to use and does its job very well.

CookieEncoding Option, as we've seen below there are several ways, depending on when and where you need a cookie option to be applied:

AddCookieOption Context method:

www.web.dev domain is part of the web.dev site.

If the user is on www.web.dev and requests an image from static.web.dev then that is a same-site request.

github.io. That enables your-project.github.io and my-project.github.io to count as separate sites.

If the user is on your-project.web.dev and requests an image from my-project.github.io that's a cross-site request.
The SameSite attribute on a cookie provides three different ways to control this behaviour. You can choose to not specify the attribute, or you can use Strict or Lax to limit the cookie to same-site requests.

The SameSite attribute accepts three values:

Lax: Cookies are allowed to be sent with top-level navigations and will be sent along with GET requests initiated by third-party websites. This is the default value in modern browsers.

Strict: Cookies will only be sent in a first-party context and not be sent along with requests initiated by third-party websites.

None: Cookies will be sent in all contexts, i.e. sending cross-origin is allowed. None used to be the default value, but recent browser versions made Lax the default value to have reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks. None requires the Secure attribute in the latest browser versions.

iris.SameSiteDefaultMode
iris.SameSiteLaxMode
iris.SameSiteStrictMode
iris.SameSiteNoneMode
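
The attribute rules above, as an added example written against Go's standard net/http package rather than the Iris API (it is not code from the Iris documentation). NewSiteCookie and SetCookieHeader are hypothetical helpers and the cookie name and value are constructed; the helper refuses SameSite=None without Secure and sets Domain only when sharing with subdomains is wanted.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ErrNoneNeedsSecure: current browsers reject SameSite=None cookies that lack Secure.
var ErrNoneNeedsSecure = errors.New("SameSite=None requires the Secure attribute")

// NewSiteCookie (hypothetical helper) builds a cookie with an explicit SameSite
// mode. A non-empty rootDomain sets the Domain attribute, which shares the
// cookie between that domain and its subdomains.
func NewSiteCookie(name, value, rootDomain string, mode http.SameSite, secure bool) (*http.Cookie, error) {
	if mode == http.SameSiteNoneMode && !secure {
		return nil, ErrNoneNeedsSecure
	}
	return &http.Cookie{
		Name:     name,
		Value:    value,
		Path:     "/",
		Domain:   rootDomain, // empty means host-only: not sent to subdomains
		HttpOnly: true,
		Secure:   secure,
		SameSite: mode,
	}, nil
}

// SetCookieHeader returns the Set-Cookie header value a handler would emit for c.
func SetCookieHeader(c *http.Cookie) string {
	rec := httptest.NewRecorder()
	http.SetCookie(rec, c)
	return rec.Header().Get("Set-Cookie")
}

func main() {
	modes := []http.SameSite{http.SameSiteLaxMode, http.SameSiteStrictMode, http.SameSiteNoneMode}
	for _, mode := range modes {
		// Constructed sample values; web.dev is the site used in the text above.
		c, err := NewSiteCookie("session", "abc123", "web.dev", mode, true)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println(SetCookieHeader(c))
	}
	_, err := NewSiteCookie("session", "abc123", "", http.SameSiteNoneMode, false)
	fmt.Println("None without Secure:", err)
}
```
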
SameSite with SetCookie:

SameSite with AddCookieOptions:

SameSite with SetCookieKV: