From 92529640d616066519816fdf2f80a9f8e0827f73 Mon Sep 17 00:00:00 2001
From: Maximilian
Date: Tue, 1 Nov 2022 17:59:18 -0500
Subject: [PATCH] Make session cookie HttpOnly and Secure
---
 database/models/user.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/database/models/user.go b/database/models/user.go
index 3359330..a79feca 100644
--- a/database/models/user.go
+++ b/database/models/user.go
@@ -122,10 +122,12 @@ func createSessionCookie(app *app.App, w http.ResponseWriter, username string) (
 // Create session cookie, containing token
 cookie := &http.Cookie{
- Name: "session",
- Value: token,
- Path: "/",
- MaxAge: 86400,
+ Name: "session",
+ Value: token,
+ Path: "/",
+ MaxAge: 86400,
+ HttpOnly: true,
+ Secure: true,
 }
 http.SetCookie(w, cookie)
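Review bot: The cookie literal in createSessionCookie still leaves `SameSite` unset, so whether the session cookie accompanies cross-site requests depends on each browser's default rather than on this code. Since the commit is already hardening the cookie, I would add `SameSite: http.SameSiteLaxMode,` next to `Secure: true` (or `http.SameSiteStrictMode` if no cross-site navigation needs the session). `Secure: true` is also unconditional, so on any deployment served over plain HTTP browsers will generally refuse to store the cookie and login will fail without an error; a comment such as `// Secure: session cookie requires HTTPS and is dropped on plain-HTTP origins` above the field would make that explicit. The function starts and continues outside this hunk, so how the token is generated and what happens after `http.SetCookie` is not visible here.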