Set SameSite Strict on session cookies
This commit is contained in:
parent
09de41c0a2
commit
3ec450805b
@ -48,14 +48,18 @@ func (s *Session) SetCookie(w http.ResponseWriter, r *http.Request) {
|
||||
created := time.Unix(s.createdAt, 0)
|
||||
s.lock.Unlock()
|
||||
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
cookie := &http.Cookie{
|
||||
Name: CookieName,
|
||||
Value: s.Key(),
|
||||
Path: "/",
|
||||
Expires: created.Add(Expiration),
|
||||
HttpOnly: true,
|
||||
Secure: r.TLS != nil,
|
||||
})
|
||||
}
|
||||
|
||||
if v := cookie.String(); v != "" {
|
||||
w.Header().Add("Set-Cookie", v+"; SameSite=Strict")
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Session) Expired() bool {
|
||||
|
Loading…
Reference in New Issue
Block a user