From 1257cadf7093b1848962900b8270e257dbc55ea1 Mon Sep 17 00:00:00 2001
From: Sindre Stephansen
Date: Mon, 9 Mar 2020 15:47:07 +0100
Subject: [PATCH] Secure remember cookie. This doesn't enable http-only
---
 src/app/views/login.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/app/views/login.py b/src/app/views/login.py
index 6866d37..53e2952 100644
--- a/src/app/views/login.py
+++ b/src/app/views/login.py
@@ -63,7 +63,7 @@ class Login():
 session.userid = userid
 if remember:
 rememberme = self.rememberme(remember_timeout)
- web.setcookie('remember', rememberme , remember_timeout)
+ web.setcookie('remember', rememberme , remember_timeout, secure=True, samesite='Strict')
 def check_rememberme(self):
 """
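Review bot: The `remember` cookie on the changed `web.setcookie` line is still readable from page script, because `httponly=True` is not passed. The commit message says this is deliberate but gives no reason. Since the value appears to act as a long-lived login token, any script-injection bug on the site could read it. Unless client-side code needs the value, I would set it as `web.setcookie('remember', rememberme, remember_timeout, secure=True, httponly=True, samesite='Strict')`; otherwise add a comment above the call recording why script access is required. Also note that with `secure=True` hard-coded, browsers will not return the cookie over plain HTTP, so remember-me will quietly stop working on any non-TLS deployment. The enclosing method starts outside the hunk, so how `remember_timeout` and the token are derived is not visible here.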