providers/session: Fix session cookie, make it more secure

2024-12-20 20:27:46 -05:00 · 2024-12-20 20:27:46 -05:00 · b9d55ad0b6
commit b9d55ad0b6
parent 2d5dbc50b3
1 changed files with 9 additions and 4 deletions
--- a/providers/session/session.go
+++ b/providers/session/session.go
@ -111,8 +111,13 @@ func (this *state) funcSessionHTTP (
 		Name:     sessionIDCookieName,
 		Value:    result.ID().String(),
 		Expires:  expiration,
+		Secure:   true,
+		HttpOnly: true,
+		SameSite: http.SameSiteStrictMode,
+		Path:     "/",
 	}
-	http.SetCookie(shttp.UnderlyingResponseWriter(res), cookie)
+	underlyingRes := shttp.UnderlyingResponseWriter(res)
+	http.SetCookie(underlyingRes, cookie)
 	return result, nil
 }