From fab45404e66408032147fa963e2708199172b727 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renato=20Vass=C3=A3o?= <renato.vassao@mindbodyonline.com>
Date: Tue, 14 Oct 2025 17:56:08 -0300
Subject: [PATCH] Update docs with new cookie attributes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Renato Vassão <renato.vassao@mindbodyonline.com>
---
 docs/gitbook/usage/deployment-strategies.md | 35 +++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/docs/gitbook/usage/deployment-strategies.md b/docs/gitbook/usage/deployment-strategies.md
index aba99d01..5dfdc296 100644
--- a/docs/gitbook/usage/deployment-strategies.md
+++ b/docs/gitbook/usage/deployment-strategies.md
@@ -494,3 +494,38 @@ then all subsequent requests will be routed to the same until the next step star
 value is generated which is then included in the headers of responses from the primary workload. This allows for
 weighted traffic routing to happen while ensuring that users don't ever switch back to the primary deployment from
 the canary deployment during a Canary analysis.
+
+### Configuring additional cookie attributes
+
+Depending on your use case, you may neet to set additional [cookie attributes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes) in order for your application to route requests correctly.
+You may set the following attributes:
+
+```yaml
+  analysis:
+    # schedule interval (default 60s)
+    interval: 1m
+    sessionAffinity:
+      # name of the cookie used
+      cookieName: flagger-cookie
+      # max age of the cookie (in seconds)
+      # optional; defaults to 86400
+      maxAge: 21600
+      # defines the host to which the cookie will be sent.
+      # optional
+      domain: fluxcd.io
+      # forbids JavaScript from accessing the cookie, for example, through the Document.cookie property.
+      # optional
+      httpOnly: true
+      # indicates that the cookie should be stored using partitioned storage.
+      # optional
+      partitioned: true
+      # indicates the path that must exist in the requested URL for the browser to send the Cookie header.
+      # optional
+      path: /flagger
+      # controls whether or not a cookie is sent with cross-site requests.
+      # optional; valid values are Strict, Lax or None
+      sameSite: Strict
+      # indicates that the cookie is sent to the server only when a request is made with the https: scheme (except on localhost)
+      # optional
+      secure: true
+```