From b497bf3ea5831694c7f62e33191c7fd10464a37e Mon Sep 17 00:00:00 2001
From: Andy Wilkinson <andy.wilkinson@broadcom.com>
Date: Thu, 15 Jan 2026 17:31:18 -0800
Subject: [PATCH] Test that the session same site defaults to "lax"

See gh-48830
---
 .../session/SessionAutoConfigurationTests.java            | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
index 7bd93a78884..2f6c072a62d 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
@@ -236,6 +236,14 @@ class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurationTest
 		});
 	}
 
+	@Test
+	void cookieSerializerUsesLaxSameSitePolicyByDefault() {
+		this.contextRunner.run((context) -> {
+			DefaultCookieSerializer cookieSerializer = context.getBean(DefaultCookieSerializer.class);
+			assertThat(cookieSerializer).hasFieldOrPropertyWithValue("sameSite", "Lax");
+		});
+	}
+
 	@Configuration(proxyBeanMethods = false)
 	@EnableSpringHttpSession
 	static class SessionRepositoryConfiguration {