BC-8974 change session cookie same site to lax (#3598)

there is logic that encodes the oauth state into the sseion for thr and moin schule, thus when logging in the session info gets lost for the second request from a redirect (sorry hard to explain)
hpi-schul-cloud · Feb 18, 2025 · 6b600a9 · 6b600a9
1 parent 4faad58
commit 6b600a9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/config/default.schema.json b/config/default.schema.json
@@ -281,7 +281,7 @@
 		},
 		"SESSION_COOKIE_SAME_SITE": {
 			"type": "string",
-			"default": "strict",
+			"default": "lax",
 			"description": "express-session cookie samesite attribute"
 		},
 		"COOKIE": {