From ee54d91a77a308fedab8593e4e77cb99c37d092f Mon Sep 17 00:00:00 2001
From: Monique Rio
Date: Fri, 5 May 2023 15:15:01 -0400
Subject: [PATCH] fix: explicitly set rack session to none

Also sets secure when in production mode and is https
---
 account.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/account.rb b/account.rb
index 512c084e..9b55d05d 100644
--- a/account.rb
+++ b/account.rb
@@ -72,6 +72,12 @@ helpers StyledFlash
 enable :sessions
+set :sessions,
+ same_site: :none,
+ expire_after: 1.day
+
+set :sessions, secure: true if settings.environment == :production
+
 set :session_secret, ENV["RACK_COOKIE_SECRET"]
 set server: "thin", connections: []
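Review bot: `same_site: :none` is applied in every environment while `secure: true` is added only when `settings.environment == :production`, so outside production the session cookie goes out as SameSite=None without Secure, a combination current browsers reject. The guard also tests only the environment name, not that the request is HTTPS as the commit message says. Deriving both attributes from the same condition avoids the mismatch, e.g. `same_site: (settings.environment == :production ? :none : :lax),` together with `secure: settings.environment == :production,` in the first `set :sessions` call. SameSite=None also means the browser attaches the session cookie to cross-site requests, so state-changing routes need their own CSRF check (token or Origin validation); whether account.rb has one is not visible in this hunk. A short comment above the setting, such as `# SameSite=None is required because <reason>; CSRF is covered by <mechanism>`, would record why the weaker attribute is intentional.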