PT-2022-28257 · Softwarex · Softwarex

Published 2022-10-10 · Updated 2022-10-10

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

SoftwareX versions prior to 2.2.1

Description

The issue is related to the default cookie name prefix, which was set to __Host instead of __Host-. This prefix is used for additional security to ensure the cookie came from the correct domain when no domain option is provided in the cookie options.

Recommendations

For versions prior to 2.2.1, as a temporary workaround, consider providing a custom cookieName as part of the options, which is correctly prefixed with __Host-. Upgrade to version 2.2.1 or later to fully resolve the issue.
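The following check is an added example, not code from the advisory or from the affected project. It classifies a Set-Cookie header against the browser rules for the __Host- prefix (Secure present, no Domain attribute, Path=/) and flags names that start with __Host but lack the hyphen, which browsers treat as ordinary cookies. The function names and the sample cookie names are assumptions made for illustration.

```javascript
// Added example: classify a Set-Cookie header against the __Host- prefix rules.
// Prefix comparison is case-insensitive, as in recent cookie-spec drafts.
const HOST_PREFIX = "__host-";

// Split a Set-Cookie header into the cookie name and a map of its attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq);
  const attributes = new Map();
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes.set(key, i === -1 ? "" : attr.slice(i + 1).trim());
  }
  return { name, attributes };
}

// enforced: the browser applies the __Host- restrictions to this cookie.
// nearMiss: the name starts with "__Host" but lacks the hyphen, so nothing
//           is enforced (the defect described above).
// problems: reasons a browser would reject a correctly prefixed cookie.
function checkHostPrefix(header) {
  const { name, attributes } = parseSetCookie(header);
  const lower = name.toLowerCase();
  if (!lower.startsWith(HOST_PREFIX)) {
    return { name, enforced: false, nearMiss: lower.startsWith("__host"), problems: [] };
  }
  const problems = [];
  if (!attributes.has("secure")) problems.push("missing Secure");
  if (attributes.has("domain")) problems.push("Domain must not be set");
  if (attributes.get("path") !== "/") problems.push("Path must be /");
  return { name, enforced: true, nearMiss: false, problems };
}

// Constructed sample: hyphen missing, so the Domain attribute is accepted.
console.log(checkHostPrefix("__Hostcsrf-token=abc; Path=/; Secure; Domain=example.com"));
// Constructed sample: correct prefix with compliant attributes.
console.log(checkHostPrefix("__Host-csrf-token=abc; Path=/; Secure"));
```

Running this over the Set-Cookie headers of a deployment shows whether the workaround's custom cookieName actually receives prefix enforcement.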

Related Identifiers

GHSA-JJMG-X456-W976

Affected Products

Softwarex