Set SameSite Strict on session cookies

Ken-Håvard Lieng 2018-10-06 08:56:29 +02:00
parent 09de41c0a2
commit 3ec450805b
1 changed files with 6 additions and 2 deletions


@ -48,14 +48,18 @@ func (s *Session) SetCookie(w http.ResponseWriter, r *http.Request) {
created := time.Unix(s.createdAt, 0) created := time.Unix(s.createdAt, 0)
s.lock.Unlock() s.lock.Unlock()
http.SetCookie(w, &http.Cookie{ cookie := &http.Cookie{
Name: CookieName, Name: CookieName,
Value: s.Key(), Value: s.Key(),
Path: "/", Path: "/",
Expires: created.Add(Expiration), Expires: created.Add(Expiration),
HttpOnly: true, HttpOnly: true,
Secure: r.TLS != nil, Secure: r.TLS != nil,
}) }
if v := cookie.String(); v != "" {
w.Header().Add("Set-Cookie", v+"; SameSite=Strict")
}
} }
func (s *Session) Expired() bool { func (s *Session) Expired() bool {
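Review bot: The SameSite attribute is appended to the serialized cookie as a raw string (`v+"; SameSite=Strict"`) rather than set on the `http.Cookie`, so the struct no longer describes what is sent and the attribute is easy to lose if this code is later switched back to `http.SetCookie`. If the project builds with Go 1.11 or newer, add `SameSite: http.SameSiteStrictMode,` to the literal and keep the call as `http.SetCookie(w, cookie)`. Separately, `Secure: r.TLS != nil` leaves the flag off whenever TLS is terminated by a proxy in front of this server (whether that deployment is supported is not visible here), so a configuration switch to force Secure would be worth adding. Browsers that do not implement SameSite ignore the attribute, so state-changing handlers still need their own CSRF check. SetCookie's body starts above this hunk, so the locking around `s.createdAt` was not reviewed.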