Tweaked refresh-token cookie's path and sameSite attributes.

2024-08-07 08:42:03 -05:00 · 2024-08-07 08:42:03 -05:00 · 96deeca6a4
commit 96deeca6a4
parent e2765c4a96
1 changed files with 2 additions and 2 deletions
--- a/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java
@ -15,8 +15,8 @@ public final class AuthController {
        final ResponseCookie.ResponseCookieBuilder b = ResponseCookie.from("refresh-token")
                .httpOnly(true)
                .secure(true)
-                .sameSite("Lax")
+                .maxAge(maxAge)
-                .maxAge(maxAge);
+                .path("/");
        if (token != null) {
            b.value(token);
        }