fix: same site cookie

server/cookie/cookie.go

@@ -36,8 +36,9 @@ func SetSession(gc *gin.Context, sessionID string) {
 	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
 	// https://github.com/gin-gonic/gin/blob/master/context.go#L86
 	// TODO add ability to sameSite = none / strict from dashboard
-	gc.SetSameSite(http.SameSiteLaxMode)
-
+	if !appCookieSecure {
+		gc.SetSameSite(http.SameSiteLaxMode)
+	}
 	// TODO allow configuring from dashboard
 	year := 60 * 60 * 24 * 365