Use stricter cookie attributes

This commit is contained in:
r 2023-10-07 09:11:43 +00:00
parent b83a00aa2c
commit d297eb5658

View file

@ -34,6 +34,8 @@ func (c *client) setSession(sess *model.Session) error {
} }
http.SetCookie(c.w, &http.Cookie{ http.SetCookie(c.w, &http.Cookie{
Name: "session", Name: "session",
Path: "/",
HttpOnly: true,
Value: sb.String(), Value: sb.String(),
Expires: time.Now().Add(365 * 24 * time.Hour), Expires: time.Now().Add(365 * 24 * time.Hour),
}) })
@ -53,6 +55,7 @@ func (c *client) getSession() (sess *model.Session, err error) {
func (c *client) unsetSession() { func (c *client) unsetSession() {
http.SetCookie(c.w, &http.Cookie{ http.SetCookie(c.w, &http.Cookie{
Name: "session", Name: "session",
Path: "/",
Value: "", Value: "",
Expires: time.Now(), Expires: time.Now(),
}) })