feat: set http_only flag for cookie

2026-04-22 23:17:24 +08:00 · 2024-11-10 12:27:20 +08:00
parent 939e956424
commit 631af1f827
1 changed files with 8 additions and 4 deletions
@@ -58,14 +58,18 @@ func main() {
 	//server.Use(gzip.Gzip(gzip.DefaultCompression))  // conflict with sse

 	// Initialize session store
+	var store sessions.Store
 	if common.RedisEnabled {
 		opt := common.ParseRedisOption()
-		store, _ := redis.NewStore(opt.MinIdleConns, opt.Network, opt.Addr, opt.Password, []byte(common.SessionSecret))
-		server.Use(sessions.Sessions("session", store))
+		store, _ = redis.NewStore(opt.MinIdleConns, opt.Network, opt.Addr, opt.Password, []byte(common.SessionSecret))
 	} else {
-		store := cookie.NewStore([]byte(common.SessionSecret))
-		server.Use(sessions.Sessions("session", store))
+		store = cookie.NewStore([]byte(common.SessionSecret))
 	}
+	store.Options(sessions.Options{
+		HttpOnly: true,
+		MaxAge:   30 * 24 * 3600,
+	})
+	server.Use(sessions.Sessions("session", store))

 	router.SetRouter(server, buildFS, indexPage)
 	var port = os.Getenv("PORT")