
Sinatra set SameSite cookies to none


I have a modular Sinatra app with this in the configuration:

    configure do
      disable :protection
      use Rack::Protection
      enable :sessions
      set :session_secret, ENV.fetch('SESSION_SECRET') { SecureRandom.hex(64) }
      set(:cookie_options) do
        {
          :SameSite => "Lax",
          :expires => Time.now + 1.month,
          :secure => true
        }
      end
    end

The line :secure => true works fine but SameSite doesn't. I don't see how to change this.

Also: I don't see how to set the Rack Session cookie to secure: true


Solution

  • Very late answer, but I was in the same boat and it looks like the relevant option that works for me is :same_site.

    set :cookie_options do
      {
        :same_site => :lax, # or :strict
        # ...
      }
    end
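
To confirm that the option actually reaches the browser, the Set-Cookie header can be checked for the `SameSite` and `Secure` attributes. The following is an added example, not code from the question or the answer; the helper names `parse_set_cookie` and `audit_cookie` are hypothetical and the header strings are constructed samples.

```ruby
# Added example: audit Set-Cookie header values for the SameSite and Secure
# attributes discussed above. Uses only the Ruby standard library.

# Parse one Set-Cookie value into [name, {lowercased attribute => value or true}].
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip).reject(&:empty?)
  name, _value = pair.split('=', 2)
  parsed = attrs.each_with_object({}) do |attr, h|
    key, val = attr.split('=', 2)
    h[key.downcase] = val.nil? ? true : val
  end
  [name, parsed]
end

# Return a list of findings for one cookie; an empty list means it passes.
def audit_cookie(header)
  name, attrs = parse_set_cookie(header)
  findings = []
  same_site = attrs['samesite']
  if same_site.nil? || same_site == true
    findings << "#{name}: no SameSite attribute (the option was not applied)"
  elsif !%w[strict lax none].include?(same_site.downcase)
    findings << "#{name}: unknown SameSite value #{same_site.inspect}"
  elsif same_site.casecmp?('none') && !attrs['secure']
    findings << "#{name}: SameSite=None without Secure is rejected by modern browsers"
  end
  findings << "#{name}: missing Secure" unless attrs['secure']
  findings
end

# Constructed sample headers (not captured from a real app).
SAMPLE_HEADERS = [
  # The situation in the question: Secure is set, SameSite is absent.
  'rack.session=abc123; path=/; secure; HttpOnly',
  # The header expected once :same_site => :lax takes effect.
  'rack.session=abc123; path=/; secure; HttpOnly; SameSite=Lax',
  # SameSite=None sent without Secure.
  'rack.session=abc123; path=/; HttpOnly; SameSite=None'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HEADERS.each do |h|
    result = audit_cookie(h)
    puts(result.empty? ? "OK   #{h}" : "FAIL #{h}\n     #{result.join("\n     ")}")
  end
end
```

Pass it the Set-Cookie value from one of your app's responses; an empty result means both attributes are present and consistent.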