From 980a5bef2f371acdcdd0e60aad3bc86e03ea6063 Mon Sep 17 00:00:00 2001
From: jkaplon
Date: Sat, 13 Mar 2021 11:38:08 -0500
Subject: [PATCH] Address browser console warning msg about sameSite cookie setting.

Enable sameSite and secure options on main session cookie (and enable 'trust proxy' setting in Express since TLS connection does not reach this app). Disable cookie set by socket.io since there doesn't seem to be any way to enable sameSite and it's not being used by app.
---
 server.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/server.js b/server.js
index 8ca493d..a94bb4d 100644
--- a/server.js
+++ b/server.js
@@ -18,8 +18,15 @@ var Strategy = require('passport-local').Strategy;
 var db = require('./db');
 var Session = require('express-session');
 var SessionStore = require('session-file-store')(Session);
-var session = Session({ secret: 'here kitty kitty', resave: false, saveUninitialized: false, store: new SessionStore({path: __dirname+'/tmp/sessions'}) });
+var session = Session({
+ secret: 'here kitty kitty',
+ resave: false,
+ saveUninitialized: false,
+ cookie: { sameSite: true, secure: true },
+ store: new SessionStore({path: __dirname+'/tmp/sessions'})
+ });
 app.use(session);
+app.set('trust proxy', true);
 
 //----------------------------
 // Configure the local strategy for use by Passport.
@@ -94,7 +101,7 @@ app.get('/logout', function(req, res){
 });
 
 var http = require('http').Server(app);
-var io = require('socket.io')(http);
+var io = require('socket.io')(http, { cookie: false });
 var iosess = require('socket.io-express-session');
 io.use(iosess(session));
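Review bot: `app.set('trust proxy', true)` in the first hunk trusts the X-Forwarded-* headers from every peer, so any client that can reach this app without going through the TLS proxy can spoof `req.ip` and `req.secure`, and express-session will then issue the `secure: true` cookie on a plain-HTTP connection that merely claims `X-Forwarded-Proto: https`. Since the commit message says a single reverse proxy terminates TLS, name that proxy instead, e.g. `app.set('trust proxy', 'loopback');` or a hop count such as `app.set('trust proxy', 1);`. The session secret `'here kitty kitty'` is carried onto the new side as a literal; reading it from configuration (for example an environment variable of your choosing) would keep it out of the repository and out of this diff. `sameSite: true` is the strict mode, which is fine for this app's same-origin use but worth stating in a comment such as `// sameSite: true === 'strict'; cookie is never sent on cross-site navigations`.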