security – Unable to set the samesite attribute on bm_sv cookie


Found DAST scan error “Cookie Without SameSite Attribute” on Frond end application

Front end application build on node js and React js.

I can see the cookie are added back in response object in browser.

Set-Cookie: bm_sv=fdafdfsdfasffasdfsafsdfsafasffsadffdsfsfasfsdfsfxvxgdhgfwefw;; Path=/; Max-Age=7003; HttpOnly

Error clearly showing that it will be clear by adding “Samesite” Attribute in cookie. I used cookie-session node module and added configuration like below. but it does not work

app.use(cookieSession({ name: ‘mycookie’, secret: ‘myscret’, cookie: { secure: true, httpOnly: true, maxAge: 86400000, sameSite: ‘None’ }, }));

Sorry if i am not clearly elaborate the question. Please free to ask if you do not understand question