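# Production overrides
#
# Each property sits on its own line: in a .properties file a line that starts
# with '#' is a comment through to its end, so a setting appended to a comment
# line is never applied.

# Secure session cookie: sent only over HTTPS.
# Browsers do not return a Secure cookie on plain-HTTP requests, so every
# production entry point must be served over TLS or sessions will not persist.
server.servlet.session.cookie.secure=true

# SameSite policy for CSRF protection and to avoid third-party sending.
# Lax still attaches the cookie to top-level cross-site GET navigations, so
# state-changing endpoints must not accept GET, and this setting complements
# rather than replaces CSRF tokens.
# NOTE(review): this property is bound by Spring Boot 2.6 and later; confirm
# the deployed version, since an unrecognised key is ignored without an error.
server.servlet.session.cookie.same-site=lax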