From d297eb565814e1ab3d350b9eefc35a219fb51a88 Mon Sep 17 00:00:00 2001
From: r
Date: Sat, 7 Oct 2023 09:11:43 +0000
Subject: Use stricter cookie attributes
---
 service/client.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/service/client.go b/service/client.go
index e4ab8cb..18ebb52 100644
--- a/service/client.go
+++ b/service/client.go
@@ -33,9 +33,11 @@ func (c *client) setSession(sess *model.Session) error {
 return err
 }
 http.SetCookie(c.w, &http.Cookie{
- Name: "session",
- Value: sb.String(),
- Expires: time.Now().Add(365 * 24 * time.Hour),
+ Name: "session",
+ Path: "/",
+ HttpOnly: true,
+ Value: sb.String(),
+ Expires: time.Now().Add(365 * 24 * time.Hour),
 })
 return nil
 }
@@ -53,6 +55,7 @@ func (c *client) getSession() (sess *model.Session, err error) {
 func (c *client) unsetSession() {
 http.SetCookie(c.w, &http.Cookie{
 Name: "session",
+ Path: "/",
 Value: "",
 Expires: time.Now(),
 })
-- cgit v1.2.3
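Review bot: The session cookie written in setSession still has neither `Secure` nor `SameSite`, so it can travel over plain HTTP and may be attached to cross-site requests; the new literal only adds `Path` and `HttpOnly`. If the service is reached over HTTPS, add `Secure: true,` and `SameSite: http.SameSiteLaxMode,` to the `http.Cookie` literal. With the 365-day `Expires` kept as is, a cookie captured once stays usable for a long time, which makes these two attributes matter more. Whether some deployments serve plain HTTP is not visible here, so `Secure` may have to depend on the request scheme. setSession begins before this hunk.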
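Review bot: Deletion in unsetSession still relies on `Expires: time.Now()` alone, which a client whose clock runs behind the server can treat as not yet expired; adding `MaxAge: -1,` makes net/http emit `Max-Age: 0`, so the cookie is dropped regardless of client time. Cookies issued before this commit carried no `Path` and so got a default path derived from the request URL, which a `Path: "/"` deletion will not match unless that default was already `/`. If sessions were ever set from non-root URLs, it is worth checking that logout clears those older cookies as well. The closing brace of unsetSession lies outside the hunk.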