From f847de83f96e33c7f2d733ab1f4fa64584e677f1 Mon Sep 17 00:00:00 2001
From: KGFCH2
Date: Tue, 2 Jun 2026 14:05:25 +0530
Subject: [PATCH] fix: enforce secure session cookies in production
---
 server/index.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/server/index.js b/server/index.js
index 64167f6..902d017 100644
--- a/server/index.js
+++ b/server/index.js
@@ -61,12 +61,18 @@ app.use(
 // Request logging
 app.use(morgan("dev"));
+const isProduction = process.env.NODE_ENV === "production";
+
 app.use(
 session({
 secret: process.env.SESSION_SECRET || "supersecret",
 resave: false,
 saveUninitialized: false,
- cookie: { secure: false },
+ proxy: isProduction,
+ cookie: {
+ secure: isProduction,
+ sameSite: "lax",
+ },
 }),
 );
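Review bot: The context line `secret: process.env.SESSION_SECRET || "supersecret"` is left unchanged, so a production deployment that starts without SESSION_SECRET still signs session cookies with a string published in the repository, and the cookie signature then gives no integrity protection regardless of the `secure` and `sameSite` flags added here. Now that `isProduction` exists, the server can fail closed just before the `session()` call: `if (isProduction && !process.env.SESSION_SECRET) throw new Error("SESSION_SECRET must be set in production");`. Separately, `proxy: isProduction` makes express-session trust the `X-Forwarded-Proto` header when deciding whether to set the secure cookie, which is only sound when a TLS-terminating reverse proxy in front of the app sets that header itself. A one-line comment above the option stating that deployment assumption would help, for example `// proxy: trusts X-Forwarded-Proto; requires a TLS-terminating reverse proxy that overwrites it`.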