Update cookie settings in SocialAuthController and session configuration for enhanced security

This commit modifies the cookie settings in the SocialAuthController to use 'none' for the SameSite attribute, allowing cross-site cookie usage. Additionally, it updates the session configuration to set the secure cookie option to true and changes the SameSite setting to be environment variable driven, improving security and flexibility in cookie handling.

Author: Level237

app/Http/Controllers/Auth/SocialAuthController.php

@@ -60,10 +60,10 @@ public function handleGoogleCallback(): RedirectResponse
 
         return redirect("{$frontendUrl}/auth/callback")->cookie('accessToken', $accessToken, 
         Carbon::now()->addMinutes(config('passport.token_ttl'))->timestamp, 
-        '/', $domain, $secure, true, false, 'lax') // ttl, path, domain, secure, httpOnly, raw, sameSite
+        '/', $domain, $secure, true, false, 'none') // ttl, path, domain, secure, httpOnly, raw, sameSite
     ->cookie('refreshToken', $refreshToken, 
         Carbon::now()->addDays(30)->timestamp, // Longue durée de vie
-        '/', $domain, $secure, true, false, 'lax');
+        '/', $domain, $secure, true, false, 'none');
     }
 
     protected function getUserScope(int $roleId): string

config/session.php

@@ -168,7 +168,7 @@
     |
     */
     'http_only' => true, // Activer le cookie HTTP only
-    'secure' => env('SESSION_SECURE_COOKIE',false),
+    'secure' => env('SESSION_SECURE_COOKIE',true),
 
     /*
     |--------------------------------------------------------------------------
@@ -196,7 +196,7 @@
     |
     */
 
-    'same_site' => 'lax',
+    'same_site' => env('SESSION_SAME_SITE', 'none'),
 
     /*
     |--------------------------------------------------------------------------