authorr <r@freesoftwareextremist.com>2023-10-07 09:11:43 +0000
committerr <r@freesoftwareextremist.com>2023-10-07 09:11:43 +0000
commitd297eb565814e1ab3d350b9eefc35a219fb51a88 (patch)
treeefa4520494833c8dae29a3ae0e6fd5653bd0794f
parentb83a00aa2cdabfc20c162379c885caac0110e167 (diff)
Use stricter cookie attributes
-rw-r--r--service/client.go9
1 files changed, 6 insertions, 3 deletions
diff --git a/service/client.go b/service/client.go
index e4ab8cb..18ebb52 100644
--- a/service/client.go
+++ b/service/client.go
@@ -33,9 +33,11 @@ func (c *client) setSession(sess *model.Session) error {
return err
}
http.SetCookie(c.w, &http.Cookie{
- Name: "session",
- Value: sb.String(),
- Expires: time.Now().Add(365 * 24 * time.Hour),
+ Name: "session",
+ Path: "/",
+ HttpOnly: true,
+ Value: sb.String(),
+ Expires: time.Now().Add(365 * 24 * time.Hour),
})
return nil
}
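Review bot: The session cookie literal in setSession still sets neither `Secure` nor `SameSite`, so the cookie can travel over plain HTTP and its cross-site behaviour is left to each browser's default. If instances are always served over TLS, add `Secure: true,`; if plain-HTTP deployments must keep working, derive it from the request scheme or a configuration flag instead. Adding `SameSite: http.SameSiteLaxMode,` would pin the cross-site behaviour explicitly. The one-year `Expires` makes this a long-lived credential, which increases the value of both attributes. The start of setSession lies outside the hunk, so how `sb` is built cannot be checked here.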
@@ -53,6 +55,7 @@ func (c *client) getSession() (sess *model.Session, err error) {
func (c *client) unsetSession() {
http.SetCookie(c.w, &http.Cookie{
Name: "session",
+ Path: "/",
Value: "",
Expires: time.Now(),
})
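Review bot: The deletion cookie in unsetSession relies only on `Expires: time.Now()`, which takes effect only if the client's clock agrees with the server's; a client whose clock runs behind keeps the session cookie until it catches up. Adding `MaxAge: -1,` makes net/http emit `Max-Age: 0`, which removes the cookie regardless of clock skew. Cookies issued before this commit had no explicit `Path`, so any whose default path was not `/` will not be cleared by this call and will linger until they expire. The closing brace of unsetSession is outside the hunk.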