update comments

torcolvin · torcolvin · commit a70fed423e26 · 2025-10-29T14:59:16.000-04:00
diff --git a/auth/session.go b/auth/session.go
@@ -145,6 +145,7 @@ func (auth *Authenticator) MakeSessionCookie(session *LoginSession, secureCookie
 		Expires:  session.Expiration,
 		Secure:   secureCookie,
 		HttpOnly: httpOnly,
+		// as of go 1.25, http.SameSiteDefaultMode will omit SameSite attribute from the cookie
 		SameSite: sameSite,
 	}
 }
diff --git a/docs/api/components/schemas.yaml b/docs/api/components/schemas.yaml
@@ -1700,7 +1700,7 @@ Database:
           type: boolean
         same_site_cookie:
           description: |-
-            Override the session cookie SameSite behavior. By default, if CORS is enabled, a session cookie will have SameSite:None. `Default` will omit any SameSite option from the cookie.
+            Override the session cookie SameSite behavior. By default, a session cookie will have SameSite:None if CORS is enabled, and will have no SameSite attribute if CORS is not enabled.  Setting this property to`Default` will omit the SameSite attribute from the cookie.
           type: string
           enum:
             - "Default"

Original file line number	Diff line number	Diff line change
`@@ -145,6 +145,7 @@ func (auth Authenticator) MakeSessionCookie(session LoginSession, secureCookie`
`145`	`145`	`Expires: session.Expiration,`
`146`	`146`	`Secure: secureCookie,`
`147`	`147`	`HttpOnly: httpOnly,`
	`148`	`+ // as of go 1.25, http.SameSiteDefaultMode will omit SameSite attribute from the cookie`
`148`	`149`	`SameSite: sameSite,`
`149`	`150`	`}`
`150`	`151`	`}`