From b9d55ad0b6c79656420c6b998e2cd32afb3bdf9d Mon Sep 17 00:00:00 2001
From: Sasha Koshka
Date: Fri, 20 Dec 2024 20:27:46 -0500
Subject: [PATCH] providers/session: Fix session cookie, make it more secure
---
 providers/session/session.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/providers/session/session.go b/providers/session/session.go
index cf4ea83..c044ca9 100644
--- a/providers/session/session.go
+++ b/providers/session/session.go
@@ -108,11 +108,16 @@ func (this *state) funcSessionHTTP (
 result = session
 }
 cookie := &http.Cookie {
- Name: sessionIDCookieName,
- Value: result.ID().String(),
- Expires: expiration,
+ Name: sessionIDCookieName,
+ Value: result.ID().String(),
+ Expires: expiration,
+ Secure: true,
+ HttpOnly: true,
+ SameSite: http.SameSiteStrictMode,
+ Path: "/",
 }
- http.SetCookie(shttp.UnderlyingResponseWriter(res), cookie)
+ underlyingRes := shttp.UnderlyingResponseWriter(res)
+ http.SetCookie(underlyingRes, cookie)
 return result, nil
 }
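Review bot: `SameSite: http.SameSiteStrictMode` makes the browser leave this cookie out of a top-level navigation that starts on another site. If the earlier part of funcSessionHTTP (outside this hunk) answers a missing cookie by creating a new session, which the `result = session` context line suggests but does not prove, the `http.SetCookie` call here would replace the visitor's existing session ID on that request. It is worth confirming that path and recording the trade-off in a comment above the literal, e.g. `// Strict: not sent on cross-site navigations; Secure: never sent back over plain HTTP`. Because the cookie now has `Secure: true`, `Path: "/"` and no `Domain`, it also meets the requirements for a `__Host-` name prefix, which would keep a sibling subdomain from overwriting it; `sessionIDCookieName` is defined outside the hunk, so that would be a separate change.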