Use stricter cookie attributes

This commit is contained in:
r 2023-10-07 09:11:43 +00:00
parent b83a00aa2c
commit d297eb5658

View file

@ -33,9 +33,11 @@ func (c *client) setSession(sess *model.Session) error {
return err return err
} }
http.SetCookie(c.w, &http.Cookie{ http.SetCookie(c.w, &http.Cookie{
Name: "session", Name: "session",
Value: sb.String(), Path: "/",
Expires: time.Now().Add(365 * 24 * time.Hour), HttpOnly: true,
Value: sb.String(),
Expires: time.Now().Add(365 * 24 * time.Hour),
}) })
return nil return nil
} }
@ -53,6 +55,7 @@ func (c *client) getSession() (sess *model.Session, err error) {
func (c *client) unsetSession() { func (c *client) unsetSession() {
http.SetCookie(c.w, &http.Cookie{ http.SetCookie(c.w, &http.Cookie{
Name: "session", Name: "session",
Path: "/",
Value: "", Value: "",
Expires: time.Now(), Expires: time.Now(),
}) })