feat: enhance session store security and configuration

- Add 30-day max age for session cookies - Enable HttpOnly flag - Set SameSite to strict mode
2025-02-11 17:06:51 +08:00
parent bbc1550a9e
commit cb4d40c3c8
1 changed files with 5 additions and 2 deletions
--- a/main.go
+++ b/main.go
@@ -146,8 +146,11 @@ func main() {
 	// Initialize session store
 	store := cookie.NewStore([]byte(common.SessionSecret))
 	store.Options(sessions.Options{
-		Path:   "/",
-		Secure: false,
+		Path:     "/",
+		MaxAge:   2592000, // 30 days
+		HttpOnly: true,
+		Secure:   false,
+		SameSite: http.SameSiteStrictMode,
 	})
 	server.Use(sessions.Sessions("session", store))