I have a modular Sinatra app with this in the configuration:

    configure do
      disable :protection
      use Rack::Protection
      enable :sessions
      set :session_secret, ENV.fetch('SESSION_SECRET') { SecureRandom.hex(64) }
      set (:cookie_options) do {
        :SameSite => "Lax",
        :expires => Time.now + 1.month,
        :secure => true
      }
      end
    end

The line :secure => true works fine but SameSite doesn't. I don't see how to change this.
Also: I don't see how to set the Rack Session cookie to secure: true

I had a similar issue and found the above answer did not fix the issue (no error, but same-site not modified), possibly because of a classic app (or a newer Sinatra). In any case, I eventually found that

    configure do
      set :sessions, same_site: :strict
      :
    end

did the trick, details here.
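
Because a setting that is not picked up fails silently here, it helps to check the Set-Cookie header the app actually sends. The following is an added example, not code from either post: it parses Set-Cookie values and reports cookies missing Secure or the expected SameSite value. The function names and the sample header strings are constructed for illustration.

```ruby
# Constructed sample Set-Cookie values (not captured from a real application).
SAMPLE_MISSING_SAMESITE = 'rack.session=abc123; path=/; secure; HttpOnly'
SAMPLE_STRICT = 'rack.session=abc123; path=/; HttpOnly; SameSite=Strict; secure'
SAMPLE_TWO_COOKIES =
  "rack.session=abc123; path=/; SameSite=Lax\nprefs=dark; secure; SameSite=Strict"

# Parse one Set-Cookie value into [cookie_name, {attribute => value}].
# Attribute names are case-insensitive; flag attributes (Secure) map to true.
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip).reject(&:empty?)
  name = pair.to_s.split('=', 2).first.to_s
  parsed = attrs.each_with_object({}) do |attr, acc|
    key, val = attr.split('=', 2)
    acc[key.strip.downcase] = val.nil? ? true : val.strip
  end
  [name, parsed]
end

# Return findings for every cookie in a Set-Cookie header value.
# Accepts a newline-joined string (Rack 2) or an array of strings (Rack 3).
def audit_set_cookie(set_cookie, expected_same_site: 'Strict')
  lines = Array(set_cookie).flat_map { |v| v.to_s.split("\n") }
  lines.map(&:strip).reject(&:empty?).flat_map do |line|
    name, attrs = parse_set_cookie(line)
    findings = []
    findings << "#{name}: Secure missing" unless attrs['secure'] == true
    same_site = attrs['samesite']
    if !same_site.is_a?(String)
      findings << "#{name}: SameSite missing"
    elsif !same_site.casecmp?(expected_same_site)
      findings << "#{name}: SameSite=#{same_site}, expected #{expected_same_site}"
    end
    findings
  end
end

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_MISSING_SAMESITE, SAMPLE_STRICT, SAMPLE_TWO_COOKIES].each do |sample|
    findings = audit_set_cookie(sample)
    puts findings.empty? ? 'OK' : findings.join("\n")
  end
end
```

In a test suite the same function can be fed the Set-Cookie header of a response from the app, so a regression in the session settings fails the build instead of going unnoticed.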