Use stricter cookie attributes
This commit is contained in:
parent
b83a00aa2c
commit
d297eb5658
|
@ -34,6 +34,8 @@ func (c *client) setSession(sess *model.Session) error {
|
||||||
}
|
}
|
||||||
http.SetCookie(c.w, &http.Cookie{
|
http.SetCookie(c.w, &http.Cookie{
|
||||||
Name: "session",
|
Name: "session",
|
||||||
|
Path: "/",
|
||||||
|
HttpOnly: true,
|
||||||
Value: sb.String(),
|
Value: sb.String(),
|
||||||
Expires: time.Now().Add(365 * 24 * time.Hour),
|
Expires: time.Now().Add(365 * 24 * time.Hour),
|
||||||
})
|
})
|
||||||
|
@ -53,6 +55,7 @@ func (c *client) getSession() (sess *model.Session, err error) {
|
||||||
func (c *client) unsetSession() {
|
func (c *client) unsetSession() {
|
||||||
http.SetCookie(c.w, &http.Cookie{
|
http.SetCookie(c.w, &http.Cookie{
|
||||||
Name: "session",
|
Name: "session",
|
||||||
|
Path: "/",
|
||||||
Value: "",
|
Value: "",
|
||||||
Expires: time.Now(),
|
Expires: time.Now(),
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in New Issue