Set SameSite Strict on session cookies

Ken-Håvard Lieng 2018-10-06 08:56:29 +02:00
parent 09de41c0a2
commit 3ec450805b


@ -48,14 +48,18 @@ func (s *Session) SetCookie(w http.ResponseWriter, r *http.Request) {
created := time.Unix(s.createdAt, 0)
s.lock.Unlock()
http.SetCookie(w, &http.Cookie{
cookie := &http.Cookie{
Name: CookieName,
Value: s.Key(),
Path: "/",
Expires: created.Add(Expiration),
HttpOnly: true,
Secure: r.TLS != nil,
})
}
if v := cookie.String(); v != "" {
w.Header().Add("Set-Cookie", v+"; SameSite=Strict")
}
}
func (s *Session) Expired() bool {
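Review bot: The `SameSite=Strict` attribute is appended by hand to `cookie.String()` in the new `w.Header().Add("Set-Cookie", ...)` call, which bypasses `http.SetCookie` and would emit the attribute twice if the cookie struct ever carries its own SameSite value. If the project can require Go 1.11 or later, set `SameSite: http.SameSiteStrictMode` in the `http.Cookie` literal and keep `http.SetCookie(w, cookie)`; otherwise add a comment such as `// http.Cookie has no SameSite field before Go 1.11, so the attribute is appended manually`. Separately, `Secure: r.TLS != nil` leaves the session cookie without the Secure flag when TLS is terminated by a proxy in front of this server, so that is worth confirming against the deployment. SetCookie's body starts above the hunk, so the locking around `createdAt` is only partly visible here.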