I'm trying the example with the following cookie store:
```go
store := sessions.NewCookieStore([]byte(os.Getenv("SESSION_SECRET")))
store.MaxAge(86400 * 30)
store.Options.Domain = ""
store.Options.SameSite = http.SameSiteLaxMode
store.Options.Path = "/"
store.Options.HttpOnly = true // HttpOnly should always be enabled
store.Options.Secure = false
gothic.Store = store
```
I can successfully log in with the provider, but the response shows two Set-Cookie headers for _gothic_session: one that looks correct, and another that is much shorter but expires in 1970. The one that expires in 1970 appears second, and I believe it is not allowing the correct cookie to be stored in the browser.
Has anyone seen something similar to this before?
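A way to detect the symptom described above from a test or a captured response, as an added example that is not part of the original post or of the goth project. The names `Conflict`, `FindConflicts` and `SampleHeaders` are hypothetical, and the two header values are constructed to mirror the report.

```go
package main

import (
	"fmt"
	"net/http"
	"time"
)

// Conflict is a cookie that one response both sets and then deletes.
type Conflict struct {
	Name           string
	SetAt, ClearAt int // positions among the response's Set-Cookie headers
}

// isDeletion: net/http parses "Max-Age=0" (or negative) into MaxAge == -1.
func isDeletion(c *http.Cookie, now time.Time) bool {
	if c.MaxAge != 0 { // Max-Age present: it takes precedence over Expires
		return c.MaxAge < 0
	}
	return !c.Expires.IsZero() && c.Expires.Before(now)
}

// FindConflicts walks the Set-Cookie headers in order. Browsers key cookies by
// name, domain and path and apply headers in sequence, so a later deletion wins.
func FindConflicts(h http.Header, now time.Time) []Conflict {
	var out []Conflict
	live := map[string]int{} // cookie key -> index of the last live value
	for i, c := range (&http.Response{Header: h}).Cookies() {
		key := c.Name + "|" + c.Domain + "|" + c.Path
		if !isDeletion(c, now) {
			live[key] = i
		} else if at, ok := live[key]; ok {
			out = append(out, Conflict{c.Name, at, i})
			delete(live, key)
		}
	}
	return out
}

// SampleHeaders is constructed: a 30-day _gothic_session, then one expiring in 1970.
func SampleHeaders() http.Header {
	h := http.Header{}
	h.Add("Set-Cookie", "_gothic_session=CONSTRUCTED; Path=/; Max-Age=2592000; HttpOnly; SameSite=Lax")
	h.Add("Set-Cookie", "_gothic_session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; HttpOnly; SameSite=Lax")
	return h
}

func main() { fmt.Printf("%+v\n", FindConflicts(SampleHeaders(), time.Now())) }
```

In an `httptest` run of the callback handler, passing `rec.Result().Header` to `FindConflicts` shows whether the session cookie is being cleared after it is written.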