From 3adf7b7f74d448f072f21a2b36eb8d9a60711460 Mon Sep 17 00:00:00 2001
From: Jonathan Cooper <reallysnazzy@protonmail.com>
Date: Fri, 6 Feb 2026 18:27:54 -0800
Subject: [PATCH] Improve cookie settings

---
 src/callback.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/callback.ts b/src/callback.ts
index 1ef8823..1359392 100644
--- a/src/callback.ts
+++ b/src/callback.ts
@@ -72,13 +72,15 @@ export const createSfAuthCallbackRoute = (
 
     response.cookies.set(cookieNames.userId, userId, {
       httpOnly: true,
-      sameSite: "lax",
+      sameSite: "strict",
+      secure: true,
       path: "/"
     });
 
     response.cookies.set(cookieNames.username, username, {
       httpOnly: true,
-      sameSite: "lax",
+      sameSite: "strict",
+      secure: true,
       path: "/"
     });