Use stricter cookie attributes

This commit is contained in:
r 2023-10-07 09:11:43 +00:00
parent b83a00aa2c
commit d297eb5658
1 changed files with 6 additions and 3 deletions

View File

@ -33,9 +33,11 @@ func (c *client) setSession(sess *model.Session) error {
return err
}
http.SetCookie(c.w, &http.Cookie{
Name: "session",
Value: sb.String(),
Expires: time.Now().Add(365 * 24 * time.Hour),
Name: "session",
Path: "/",
HttpOnly: true,
Value: sb.String(),
Expires: time.Now().Add(365 * 24 * time.Hour),
})
return nil
}
@ -53,6 +55,7 @@ func (c *client) getSession() (sess *model.Session, err error) {
func (c *client) unsetSession() {
http.SetCookie(c.w, &http.Cookie{
Name: "session",
Path: "/",
Value: "",
Expires: time.Now(),
})