From 4565c6dd9078d76ac9fcaef4dba68afd565a426c Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 30 Apr 2021 11:03:42 -0400
Subject: [PATCH] Only use SameSite=None on Secure site

This fixes logging in when developing on newer versions of Chrome.
---
 session.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/session.go b/session.go
index c83e66f..81d628f 100644
--- a/session.go
+++ b/session.go
@@ -40,7 +40,9 @@ func (app *App) InitSession() {
 		MaxAge:   sessionLength,
 		HttpOnly: true,
 		Secure:   strings.HasPrefix(app.cfg.App.Host, "https://"),
-		SameSite: http.SameSiteNoneMode,
+	}
+	if store.Options.Secure {
+		store.Options.SameSite = http.SameSiteNoneMode
 	}
 	app.sessionStore = store
 }