Session Cookie - SameSite

Hi @patrick
I’m testing a Capacitor mobile app on web, but the session ID cookie is not being set because the SameSite attribute is missing, so it defaults to Lax. I’m concerned that, because different devices use different hostnames under Capacitor, sessions may be inconsistent at best.

Is it possible to set this to None as a default for the web (API) project? (or a project option to set it as None)

There is also another issue with cookies and their options.

If set to SameSite None when setting a cookie, the remove step does not issue the same options and therefore does not actually remove it:

Having a similar issue on logout. It looks like the response header is trying to clear out the cookie, but SameSite was not set, so it defaulted to Lax and blocked the Set-Cookie.


I have set the Security Provider to “None”, but the Logout action seems to not follow it.

Good day, @patrick. Are you able to assist with our logout issue?

You can test the following update: app.zip (5.3 KB) unzip to lib/core.

Thanks @patrick! That appears to resolve the issue for me. @bpj let us know if it helps you as well.
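
The set/remove mismatch reported in this thread, as an added example that is not part of any post and is not the project's own code: it builds the Set-Cookie header for setting and for clearing a cookie, then models how a browser that defaults to Lax handles each one on a cross-site response. The cookie name `sid`, the value and the helper names are constructed for illustration.

```javascript
// Added example: names and sample values are constructed, not the project's code.

// Serialize a Set-Cookie header value from a name, a value and options.
function serializeCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  if (opts.expires) parts.push(`Expires=${opts.expires.toUTCString()}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  return parts.join('; ');
}

// Removal: reuse the options the cookie was set with and only force expiry.
function clearCookie(name, opts = {}) {
  return serializeCookie(name, '', { ...opts, expires: new Date(0) });
}

// Model of a Lax-by-default browser receiving this header on a cross-site response.
function crossSiteVerdict(header) {
  const attrs = header.split(';').slice(1).map((s) => s.trim().toLowerCase());
  const sameSiteAttr = attrs.find((a) => a.startsWith('samesite='));
  const sameSite = sameSiteAttr ? sameSiteAttr.split('=')[1] : 'lax'; // missing => Lax
  if (sameSite !== 'none') return `blocked: SameSite=${sameSite} on cross-site response`;
  if (!attrs.includes('secure')) return 'blocked: SameSite=None requires Secure';
  return 'accepted';
}

const sessionOpts = { httpOnly: true, secure: true, sameSite: 'None' };
const setHeader = serializeCookie('sid', 'abc123', sessionOpts);
const badClear = clearCookie('sid');               // options dropped on logout
const goodClear = clearCookie('sid', sessionOpts); // same options as when set

for (const [label, header] of [
  ['set', setHeader],
  ['clear without options', badClear],
  ['clear with options', goodClear],
]) {
  console.log(`${label}: ${header}\n  -> ${crossSiteVerdict(header)}`);
}
```

The clearing header that omits the options is treated as Lax and never reaches the cookie store, so the session cookie stays in place after logout.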