diff --git a/content/2.nuxt-auth/v0.6/2.configuration/2.nuxt-config.md b/content/2.nuxt-auth/v0.6/2.configuration/2.nuxt-config.md
index 5c03d24..a2bae96 100644
--- a/content/2.nuxt-auth/v0.6/2.configuration/2.nuxt-config.md
+++ b/content/2.nuxt-auth/v0.6/2.configuration/2.nuxt-config.md
@@ -206,6 +206,15 @@ type ProviderLocal = {
  * Note: Your backend may reject / expire the token earlier / differently.
  */
 maxAgeInSeconds?: number,
+/**
+ * The cookie sameSite policy. Can be used as a form of csrf forgery protection. If set to `strict`, the cookie will only be passed with requests to the same 'site'. Typically, this includes subdomains. So, a sameSite: strict cookie set by app.mysite.com will be passed to api.mysite.com, but not api.othersite.com.
+ *
+ * See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
+ *
+ * @default 'lax'
+ * @example 'strict'
+ */
+sameSiteAttribute?: boolean | 'lax' | 'strict' | 'none' | undefined,
 },
 /**
  * Define an interface for the session data object that `nuxt-auth` expects to receive from the `getSession` endpoint.