From cb4d40c3c8e6cb328b44178fa6b86456fcf2eb4c Mon Sep 17 00:00:00 2001
From: "1808837298@qq.com" <1808837298@qq.com>
Date: Tue, 11 Feb 2025 17:06:51 +0800
Subject: [PATCH] feat: enhance session store security and configuration

- Add 30-day max age for session cookies
- Enable HttpOnly flag
- Set SameSite to strict mode
---
 main.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/main.go b/main.go
index 8175df88..68dae8f4 100644
--- a/main.go
+++ b/main.go
@@ -146,8 +146,11 @@ func main() {
 // Initialize session store
 store := cookie.NewStore([]byte(common.SessionSecret))
 store.Options(sessions.Options{
- Path: "/",
- Secure: false,
+ Path: "/",
+ MaxAge: 2592000, // 30 days
+ HttpOnly: true,
+ Secure: false,
+ SameSite: http.SameSiteStrictMode,
 })
 server.Use(sessions.Sessions("session", store))
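Review bot: `Secure: false` is carried over unchanged on the new side of the sessions.Options literal, so the session cookie — which with a cookie-backed store carries the entire signed session — is still sent over plaintext HTTP, and the newly added HttpOnly and SameSite flags do nothing against a network attacker; set `Secure: true,` (or derive it from the deployment's TLS setting rather than hard-coding either value) so browsers withhold the cookie on non-TLS connections. With MaxAge raised to 2592000 that cookie is now valid for 30 days and, if cookie.NewStore is the client-side store it appears to be, cannot be revoked before expiry other than by rotating common.SessionSecret — confirm that matches the intended login lifetime. SameSiteStrictMode also causes browsers to omit the cookie on top-level cross-site navigations such as a redirect back from an external OAuth/OIDC provider, so if the app has such a login flow, `http.SameSiteLaxMode` is the usual choice; verify against the login handlers. The hunk references http.SameSiteStrictMode while the diffstat shows no import change, so net/http is presumably already imported in main.go — worth confirming. The enclosing func main() starts and ends outside the hunk.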