Document session cookie security behavior

2026-02-24 22:21:16 +01:00
parent 0b23b6a4dd
commit 4920618337
1 changed files with 1 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -47,6 +47,7 @@ Fresh full-stack starter scaffold:
 ## Implemented Backend Scope

 - Auth: register, login, logout, current user context
+- Session cookie: `HttpOnly`, `SameSite=Strict`, `Secure` when served over HTTPS
 - Rulesets: d6 and dnd5e validation rules
 - Campaigns: create/list/read
 - Characters: create/update/activate/current-campaign list