From 693f3c51184032bf8f0106b6de54b68dbfe1bd02 Mon Sep 17 00:00:00 2001
From: Jason McNeil
Date: Thu, 2 Dec 2021 02:44:03 -0400
Subject: [PATCH] fix(middleware/session): CookieSameSite default "Lax" (#1638)

* CookieSameSite default "Lax"
* Update README.md
* CookieSameSite default "Lax"
* Revert "CookieSameSite default "Lax""

This reverts commit 414187704b6173481f992ad96bb1a6df1094bd4d.
---
 middleware/session/README.md | 4 ++--
 middleware/session/session.go | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/middleware/session/README.md b/middleware/session/README.md
index 35493e32e7..2c13de035a 100644
--- a/middleware/session/README.md
+++ b/middleware/session/README.md
@@ -140,8 +140,8 @@ type Config struct {
 // Optional. Default value false.
 CookieHTTPOnly bool

- // Indicates if CSRF cookie is HTTP only.
- // Optional. Default value false.
+ // Sets the CSRF cookie SameSite attribute.
+ // Optional. Default value "Lax".
 CookieSameSite string

 // KeyGenerator generates the session key.
diff --git a/middleware/session/session.go b/middleware/session/session.go
index 99f33a50c0..c8be6625b3 100644
--- a/middleware/session/session.go
+++ b/middleware/session/session.go
@@ -202,7 +202,6 @@ func (s *Session) setSession() {
 fcookie.SetSecure(s.config.CookieSecure)
 fcookie.SetHTTPOnly(s.config.CookieHTTPOnly)

- // TODO Default value should be set to `strict` in fiber v3.
 switch utils.ToLower(s.config.CookieSameSite) {
 case "strict":
 fcookie.SetSameSite(fasthttp.CookieSameSiteStrictMode)