secure cookies fix

Femto.Api/Auth/CookieSettings.cs

@@ -2,6 +2,5 @@ namespace Femto.Api.Auth;
 
 public class CookieSettings
 {
-    public bool SameSite { get; set; }
     public bool Secure { get; set; }
 }

Femto.Api/Auth/SessionAuthenticationHandler.cs

@@ -44,7 +44,7 @@ internal class SessionAuthenticationHandler(
             var identity = new ClaimsIdentity(claims, this.Scheme.Name);
             var principal = new ClaimsPrincipal(identity);
 
-            this.Context.SetSession(result.Session, result.User, cookieOptions.Value);
+            this.Context.SetSession(result.Session, result.User);
             currentUserContext.CurrentUser = new CurrentUser(
                 result.User.Id,
                 result.User.Username,

Femto.Api/Controllers/Auth/AuthController.cs

@@ -28,7 +28,7 @@ public class AuthController(
     {
         var result = await authModule.Command(new LoginCommand(request.Username, request.Password));
 
-        HttpContext.SetSession(result.Session, result.User, cookieSettings.Value);
+        HttpContext.SetSession(result.Session, result.User);
 
         return new LoginResponse(
             result.User.Id,
@@ -44,7 +44,7 @@ public class AuthController(
             new RegisterCommand(request.Username, request.Password, request.SignupCode)
         );
 
-        HttpContext.SetSession(result.Session, result.User, cookieSettings.Value);
+        HttpContext.SetSession(result.Session, result.User);
 
         return new RegisterResponse(
             result.User.Id,

Femto.Api/Sessions/HttpContextSessionExtensions.cs

@@ -2,6 +2,7 @@ using System.Text.Json;
 using System.Text.Json.Serialization;
 using Femto.Api.Auth;
 using Femto.Modules.Auth.Application.Dto;
+using Microsoft.Extensions.Options;
 
 namespace Femto.Api.Sessions;
 
@@ -10,12 +11,12 @@ internal static class HttpContextSessionExtensions
     public static void SetSession(
         this HttpContext httpContext,
         Session session,
-        UserInfo user,
-        CookieSettings cookieSettings
+        UserInfo user
     )
     {
-        var secure = cookieSettings.Secure;
-        var sameSite = cookieSettings.SameSite ? SameSiteMode.Strict : SameSiteMode.Unspecified;
+        var cookieSettings = httpContext.RequestServices.GetService<IOptions<CookieSettings>>();
+        var secure = cookieSettings?.Value.Secure ?? true;
+        var sameSite = secure ? SameSiteMode.None : SameSiteMode.Unspecified;
         var expires = session.Expires;
 
         httpContext.Response.Cookies.Append(
@@ -42,8 +43,8 @@ internal static class HttpContextSessionExtensions
             ),
             new CookieOptions
             {
-                Secure = cookieSettings.Secure,
-                SameSite = cookieSettings.SameSite ? SameSiteMode.Strict : SameSiteMode.Unspecified,
+                Secure = secure,
+                SameSite = sameSite,
                 Expires = session.Expires,
             }
         );