`secure=True` `set_cookie` option for the access token in `cognito_login_callback` may break testing in localhost

Question

`secure=True` `set_cookie` option for the access token in `cognito_login_callback` may break testing in localhost

Castdeath97 opened this issue 2 years ago · 0 comments

This flag seems to cause the access token cookie to be ignored in some browsers:

https://stackoverflow.com/a/60983003

Changing this line is probably a bad idea security wise, so better just leave a note somewhere about this potential quirk in the README for people facing this issue during local testing purposes.