pixeldrain/fnx_web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update auth cookie settings

Browse Source
This commit is contained in:
Wim Brand
2020-02-19 14:36:55 +01:00
parent da62ce6c3c
commit f17e58df29
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
webcontroller/user_account.go
View File

@@ -180,7 +180,13 @@ func (wc *WebController) loginForm(td *TemplateData, r *http.Request) (f Form) {
Path: "/", Path: "/",
Expires: time.Now().AddDate(50, 0, 0), Expires: time.Now().AddDate(50, 0, 0),
Domain: wc.sessionCookieDomain, Domain: wc.sessionCookieDomain,
SameSite: http.SameSiteStrictMode,
// Strict means the Cookie will only be sent when the user
// reaches a page by a link from the same domain. Lax means any
// page on the domain gets the cookie and None means embedded
// content also gets the cookie. We're not trying to track the
// user around the web so we use lax
SameSite: http.SameSiteLaxMode,
} }
f.Extra.RedirectTo = "/user" f.Extra.RedirectTo = "/user"
} }