Samesite attribute in cookies


agent tresdev

Aug 1, 2020, 1:02:28 AM
to web2py-users
I have this warning in the Firefox console:

Cookie “session_id_app_name” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

So, does anybody know if that could potentially become an issue? And if so, how does one go about setting the “sameSite” attribute?

Jose C

Aug 8, 2020, 4:14:36 AM
to web2py-users
What version of web2py are you using?  At least from 2.18.5+ it specifically defaults to samesite Lax (and you would have to call session.samesite(False) to override the Lax setting). 

You could try putting session.samesite('Lax') somewhere in your model and see if that resolves the issue.

You can try putting session.secure() in a model (if your site uses https).

You can also have a peek inside gluons/globals.py, specifically the Session class definition, to see what your web2py is doing with the samesite setting by default.


HTH,
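
Added example (not part of the original posts, and not web2py code): a small Python check for the condition named in the Firefox warning, to run over the Set-Cookie header values an app returns after trying the session.samesite('Lax') and session.secure() settings mentioned above. The function name, finding labels and sample headers are constructed for illustration; it assumes Python 3.8+, where http.cookies understands SameSite.

```python
# Added example: audit Set-Cookie header values for the condition in the
# Firefox warning. Requires Python 3.8+ (http.cookies parses SameSite there).
from http.cookies import SimpleCookie

VALID_SAMESITE = {"strict", "lax", "none"}


def audit_set_cookie(header_value):
    """Map each cookie name in one Set-Cookie header value to a finding."""
    jar = SimpleCookie()
    jar.load(header_value)  # input it cannot parse yields an empty jar
    findings = {}
    for name, morsel in jar.items():
        samesite = morsel["samesite"].strip().lower()
        secure = bool(morsel["secure"])  # flag attribute: True or ''
        if not samesite:
            findings[name] = "missing-samesite"  # browser default applies
        elif samesite not in VALID_SAMESITE:
            findings[name] = "invalid-samesite"
        elif samesite == "none" and not secure:
            findings[name] = "none-without-secure"
        else:
            findings[name] = "ok"
    return findings


# Constructed sample headers (cookie name taken from the warning above).
SAMPLES = [
    "session_id_app_name=constructed-id; Path=/; SameSite=None",
    "session_id_app_name=constructed-id; Path=/; SameSite=None; Secure",
    "session_id_app_name=constructed-id; Path=/; HttpOnly; SameSite=Lax",
    "session_id_app_name=constructed-id; Path=/; SameSite=bogus",
    "session_id_app_name=constructed-id; Path=/",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(audit_set_cookie(header), "<-", header)
```
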

agent tresdev

Aug 8, 2020, 11:48:28 AM
to web2py-users
Excellent, and thanks for your answer. I didn't know where to search in the code.