Summer Sale! All accounts are 50% off this week.

Energetic6877's avatar

Why are Session HTTP Only and Same Site overwritten in EnsureFrontendRequestsAreStateful?

Hi, I just realized that the configureSecureCookieSessions method of the EnsureFrontendRequestsAreStateful middleware always overwrites session.http_only and session.same_site, both for frontend and non-frontend requests. But they are not overwritten for requests to web routes, only API routes. Is there a reason behind this?

0 likes
0 replies

Please or to participate in this conversation.