From 67e599228c99619212a06b47833523c1e356d751 Mon Sep 17 00:00:00 2001
From: VKTB <45173816+VKTB@users.noreply.github.com>
Date: Mon, 12 Feb 2024 12:04:22 +0000
Subject: [PATCH] Fix samesite and path cookie attributes #28
---
 ldap_jwt_auth/routers/login.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ldap_jwt_auth/routers/login.py b/ldap_jwt_auth/routers/login.py
index 61d87f6..a152e67 100644
--- a/ldap_jwt_auth/routers/login.py
+++ b/ldap_jwt_auth/routers/login.py
@@ -47,8 +47,8 @@ def login(
 max_age=config.authentication.refresh_token_validity_days * 24 * 60 * 60,
 secure=True,
 httponly=True,
- samesite="Lax",
- path="/refresh",
+ samesite="lax",
+ path=f"{config.api.root_path}/refresh",
 )
 return response
 except (InvalidCredentialsError, UserNotActiveError) as exc:
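Review bot: The new `path=f"{config.api.root_path}/refresh"` is built by plain concatenation, so a `root_path` configured with a trailing slash produces a cookie Path with a doubled slash (for example `/api//refresh`, a constructed value) that does not match the refresh endpoint. A `root_path` without a leading slash is likely to be ignored by browsers in favour of their default path. Either way the refresh token is not sent where intended, or is scoped differently from what the code suggests. Normalise at the point of use, e.g. `path=f"{config.api.root_path.rstrip('/')}/refresh",`, or validate `root_path` where the configuration is loaded, which is not visible here. A short comment such as `# Scope the refresh token cookie to the refresh endpoint so it is not sent with other API requests` would record why the path is restricted. Code that clears or reissues this cookie presumably has to use the same path, but `login()` starts and ends outside this hunk, so that cannot be confirmed from here.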