Make session cookie HttpOnly and Secure
This commit is contained in:
parent
967e918df1
commit
92529640d6
@ -122,10 +122,12 @@ func createSessionCookie(app *app.App, w http.ResponseWriter, username string) (
|
||||
|
||||
// Create session cookie, containing token
|
||||
cookie := &http.Cookie{
|
||||
Name: "session",
|
||||
Value: token,
|
||||
Path: "/",
|
||||
MaxAge: 86400,
|
||||
Name: "session",
|
||||
Value: token,
|
||||
Path: "/",
|
||||
MaxAge: 86400,
|
||||
HttpOnly: true,
|
||||
Secure: true,
|
||||
}
|
||||
|
||||
http.SetCookie(w, cookie)
|
||||
|
Loading…
Reference in New Issue
Block a user