So I built an app that uses Passport and express session for its authentication. When I deployed, I discovered that Safari was not letting express session work until I switched off 'cross site tracking' in its settings. How do I make this work?
Based on this article, https://sarav.co/session-persisting-issue-safari, I need to manually switch it off, but I honestly cannot expect my users to be manually doing that.
Below is how I've set up my express session:
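const express = require('express');
const session = require('express-session');
const MongoStore = require('connect-mongo');

const app = express();

// Trust the first proxy hop so `secure` cookies are set behind a TLS-terminating proxy
app.set('trust proxy', 1);
app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false,
  cookie: {
    secure: true,                  // only sent over HTTPS
    httpOnly: true,                // not readable from client-side JavaScript
    sameSite: 'none',              // cookie is sent on cross-site requests
    maxAge: 60 * 60 * 24 * 1000    // 1 day, in milliseconds
  },
  store: MongoStore.create({
    mongoUrl: process.env.DB_URL,
    ttl: 14 * 24 * 60 * 60,        // 14 days, in seconds
    autoRemove: 'native',
  })
}));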
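
An added example, not part of the original post: the session cookie above is only blocked when Safari sees it as a third-party cookie, so this helper picks the `cookie` options from the deployment layout. The origins and the function names `isSameSite` and `sessionCookieOptions` are hypothetical, and the registrable domain is passed in by the operator as an assumption.

```javascript
// Added example: choose express-session cookie options from the deployment layout.
// All origins used with these functions are constructed placeholders.

// Schemeful same-site check. `site` is the registrable domain (eTLD+1) the
// operator owns; it is supplied explicitly because deriving it correctly
// requires the Public Suffix List.
function isSameSite(originA, originB, site) {
  const a = new URL(originA);
  const b = new URL(originB);
  // Host must be the site itself or a subdomain of it ("evilexample.com" does not match).
  const under = (host) => host === site || host.endsWith('.' + site);
  return a.protocol === b.protocol && under(a.hostname) && under(b.hostname);
}

// Returns the `cookie` object for express-session and whether the browser
// will treat the session cookie as third-party.
function sessionCookieOptions(frontendOrigin, apiOrigin, site) {
  const base = { secure: true, httpOnly: true, maxAge: 60 * 60 * 24 * 1000 };
  if (isSameSite(frontendOrigin, apiOrigin, site)) {
    // First-party context: SameSite=Lax is enough, and tracking
    // prevention does not apply to the cookie.
    return { cookie: { ...base, sameSite: 'lax' }, thirdParty: true && false };
  }
  // Cross-site layout: SameSite=None is required, and browsers that block
  // third-party cookies (Safari's cross-site tracking prevention) drop it.
  return { cookie: { ...base, sameSite: 'none' }, thirdParty: true };
}

// Frontend and API on subdomains of one registrable domain.
const sameSiteLayout = sessionCookieOptions(
  'https://app.example.com', 'https://api.example.com', 'example.com');

// Frontend and API on unrelated domains, as in the setup that needs sameSite: 'none'.
const crossSiteLayout = sessionCookieOptions(
  'https://myapp.example.net', 'https://myapi.example.org', 'example.net');

console.log(sameSiteLayout, crossSiteLayout);
```

With the same-site layout, the frontend's requests still need `credentials: 'include'` and the API's CORS configuration must allow credentials for that origin.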