oadmin/new-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: enhance session store security and configuration

Browse Source 
- Add 30-day max age for session cookies
- Enable HttpOnly flag
- Set SameSite to strict mode
This commit is contained in:
1808837298@qq.com
2025-02-11 17:06:51 +08:00
parent bbc1550a9e
commit cb4d40c3c8
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
main.go
View File

@@ -146,8 +146,11 @@ func main() {
// Initialize session store // Initialize session store
store := cookie.NewStore([]byte(common.SessionSecret)) store := cookie.NewStore([]byte(common.SessionSecret))
store.Options(sessions.Options{ store.Options(sessions.Options{
Path: "/", Path: "/",
Secure: false, MaxAge: 2592000, // 30 days
HttpOnly: true,
Secure: false,
SameSite: http.SameSiteStrictMode,
}) })
server.Use(sessions.Sessions("session", store)) server.Use(sessions.Sessions("session", store))