From 0de8ad941673946630ae6d96fe9da976732087a5 Mon Sep 17 00:00:00 2001
From: Code-lab-web <145796632+Code-lab-web@users.noreply.github.com>
Date: Mon, 16 Feb 2026 17:42:39 +0100
Subject: [PATCH] Potential fix for code scanning alert no. 7: Clear text transmission of sensitive cookie

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 frontend/components/pages/App.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/frontend/components/pages/App.js b/frontend/components/pages/App.js
index 56ccc6346c..2862d18d73 100644
--- a/frontend/components/pages/App.js
+++ b/frontend/components/pages/App.js
@@ -23,7 +23,12 @@ app.use(session({
 secret: 'keyboard cat',
 resave: false,
 saveUninitialized: false,
- store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' })
+ store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' }),
+ cookie: {
+ secure: true,
+ httpOnly: true,
+ sameSite: 'lax'
+ }
 }));
 
 function App() {
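Review bot: With `secure: true` in the added `cookie` block, express-session will not set the session cookie on a connection it sees as plain HTTP, so behind a TLS-terminating proxy or load balancer sessions will silently stop persisting unless the app also calls `app.set('trust proxy', 1)`. That call is not visible in this hunk (the `app.use(session({` opening appears only on the hunk header line), so it should be confirmed or added before the session middleware, and local HTTP development needs an explicit decision as well. Separately, the context line `secret: 'keyboard cat'` is the example value from the express-session documentation and stays hard-coded after this change. The cookie signature gives no integrity protection while the signing key is publicly known, so I would read it from configuration, e.g. `secret: process.env.SESSION_SECRET`, and refuse to start when it is unset.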