diff --git a/lib/cookie.js b/lib/cookie.js
index 6b6ebc7..8a58845 100644
--- a/lib/cookie.js
+++ b/lib/cookie.js
@@ -28,7 +28,7 @@ module.exports = class Cookie {
 if (request.protocol === 'https') {
 this.secure = true
 } else {
- this.sameSite = 'Lax'
+ this.sameSite = 'lax'
 this.secure = false
 }
 }
diff --git a/package.json b/package.json
index a98434d..ddf0e49 100644
--- a/package.json
+++ b/package.json
@@ -27,7 +27,7 @@
 "url": "git+https://github.com/fastify/session.git"
 },
 "devDependencies": {
- "@fastify/cookie": "^10.0.0",
+ "@fastify/cookie": "^11.0.0",
 "@fastify/pre-commit": "^2.1.0",
 "@types/node": "^22.0.0",
 "c8": "^10.1.2",
diff --git a/test/session.test.js b/test/session.test.js
index da2026c..5f061bb 100644
--- a/test/session.test.js
+++ b/test/session.test.js
@@ -834,7 +834,7 @@ test("clears cookie if not backed by a session, and there's nothing to save", as
 })
 t.assert.strictEqual(response.statusCode, 200)
- t.assert.strictEqual(response.headers['set-cookie'], 'sessionId=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Lax')
+ t.assert.strictEqual(response.headers['set-cookie'], 'sessionId=; Max-Age=0; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Lax')
 })
 test("clearing cookie sets the domain if it's specified in the cookie options", async t => {
@@ -853,7 +853,7 @@ test("clearing cookie sets the domain if it's specified in the cookie options",
 })
 t.assert.strictEqual(response.statusCode, 200)
- t.assert.strictEqual(response.headers['set-cookie'], 'sessionId=; Domain=domain.test; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Lax')
+ t.assert.strictEqual(response.headers['set-cookie'], 'sessionId=; Max-Age=0; Domain=domain.test; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Lax')
 })
 test('does not clear cookie if no session cookie in request', async t => {
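Review bot: The else branch in lib/cookie.js assigns `this.sameSite = 'lax'` unconditionally, so on a plain-HTTP request any stricter value the caller configured (for example strict) appears to be replaced with the weaker lax. If the intent is only to avoid emitting SameSite=None without Secure, which browsers reject, the override could be limited to that case, and a comment such as `// SameSite=None requires Secure; fall back to lax over plain HTTP` would record the reason. The decision also rests on `request.protocol`, which behind a TLS-terminating proxy presumably depends on the server's proxy-trust configuration; that dependency is worth stating next to the check. The enclosing condition and the constructor start outside the hunk, so how the configured value is set earlier is not visible here.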
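Review bot: Both updated assertions in test/session.test.js (the hunks at lines 834 and 853) compare the entire Set-Cookie string, which ties them to the serializer's attribute order and to the output of the @fastify/cookie version in devDependencies; the edits here are needed only because `Max-Age=0` now appears. Checking the security-relevant attributes one by one would survive reordering while still pinning the clearing behaviour, for example `t.assert.match(response.headers['set-cookie'], /(^|; )Max-Age=0(;|$)/)` next to equivalent checks for the epoch `Expires` and `SameSite=Lax`. Both test bodies begin outside their hunks.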