fix(middleware/session): CookieSameSite default "Lax" (#1638)

* CookieSameSite default "Lax" * Update README.md * CookieSameSite default "Lax" * Revert "CookieSameSite default "Lax"" This reverts commit 414187704b6173481f992ad96bb1a6df1094bd4d.
2025-07-10 12:38:14 +00:00 · 2021-12-02 02:44:03 -04:00 · 2021-12-02 02:44:03 -04:00 · 693f3c5118
commit 693f3c5118
parent af6b204e50
2 changed files with 2 additions and 3 deletions
--- a/middleware/session/README.md
+++ b/middleware/session/README.md
@ -140,8 +140,8 @@ type Config struct {
 	// Optional. Default value false.
 	CookieHTTPOnly bool

-	// Indicates if CSRF cookie is HTTP only.
-	// Optional. Default value false.
+	// Sets the CSRF cookie SameSite attribute.
+	// Optional. Default value "Lax".
 	CookieSameSite string

 	// KeyGenerator generates the session key.
--- a/middleware/session/session.go
+++ b/middleware/session/session.go
@ -202,7 +202,6 @@ func (s *Session) setSession() {
 		fcookie.SetSecure(s.config.CookieSecure)
 		fcookie.SetHTTPOnly(s.config.CookieHTTPOnly)

-		// TODO Default value should be set to `strict` in fiber v3.
 		switch utils.ToLower(s.config.CookieSameSite) {
 		case "strict":
 			fcookie.SetSameSite(fasthttp.CookieSameSiteStrictMode)