session: adds CookieSameSite to ManagerConfig

2024-11-14 23:10:54 +00:00 · 2020-09-15 18:05:33 -03:00 · 2020-09-15 18:05:33 -03:00 · 26208a53e6
commit 26208a53e6
parent f6519b29a8
1 changed files with 20 additions and 15 deletions
--- a/session/session.go
+++ b/session/session.go
@ -92,20 +92,21 @@ func GetProvider(name string) (Provider, error) {

 // ManagerConfig define the session config
 type ManagerConfig struct {
-	CookieName              string `json:"cookieName"`
-	EnableSetCookie         bool   `json:"enableSetCookie,omitempty"`
-	Gclifetime              int64  `json:"gclifetime"`
-	Maxlifetime             int64  `json:"maxLifetime"`
-	DisableHTTPOnly         bool   `json:"disableHTTPOnly"`
-	Secure                  bool   `json:"secure"`
-	CookieLifeTime          int    `json:"cookieLifeTime"`
-	ProviderConfig          string `json:"providerConfig"`
-	Domain                  string `json:"domain"`
-	SessionIDLength         int64  `json:"sessionIDLength"`
-	EnableSidInHTTPHeader   bool   `json:"EnableSidInHTTPHeader"`
-	SessionNameInHTTPHeader string `json:"SessionNameInHTTPHeader"`
-	EnableSidInURLQuery     bool   `json:"EnableSidInURLQuery"`
-	SessionIDPrefix         string `json:"sessionIDPrefix"`
+	CookieName              string        `json:"cookieName"`
+	EnableSetCookie         bool          `json:"enableSetCookie,omitempty"`
+	Gclifetime              int64         `json:"gclifetime"`
+	Maxlifetime             int64         `json:"maxLifetime"`
+	DisableHTTPOnly         bool          `json:"disableHTTPOnly"`
+	Secure                  bool          `json:"secure"`
+	CookieLifeTime          int           `json:"cookieLifeTime"`
+	ProviderConfig          string        `json:"providerConfig"`
+	Domain                  string        `json:"domain"`
+	SessionIDLength         int64         `json:"sessionIDLength"`
+	EnableSidInHTTPHeader   bool          `json:"EnableSidInHTTPHeader"`
+	SessionNameInHTTPHeader string        `json:"SessionNameInHTTPHeader"`
+	EnableSidInURLQuery     bool          `json:"EnableSidInURLQuery"`
+	SessionIDPrefix         string        `json:"sessionIDPrefix"`
+	CookieSameSite          http.SameSite `json:"cookieSameSite"`
 }

 // Manager contains Provider and its configuration.
@ -232,6 +233,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
 		HttpOnly: !manager.config.DisableHTTPOnly,
 		Secure:   manager.isSecure(r),
 		Domain:   manager.config.Domain,
+		SameSite: manager.config.CookieSameSite,
 	}
 	if manager.config.CookieLifeTime > 0 {
 		cookie.MaxAge = manager.config.CookieLifeTime
@ -271,7 +273,9 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
 			HttpOnly: !manager.config.DisableHTTPOnly,
 			Expires:  expiration,
 			MaxAge:   -1,
-			Domain:   manager.config.Domain}
+			Domain:   manager.config.Domain,
+			SameSite: manager.config.CookieSameSite,
+		}

 		http.SetCookie(w, cookie)
 	}
@ -306,6 +310,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 			HttpOnly: !manager.config.DisableHTTPOnly,
 			Secure:   manager.isSecure(r),
 			Domain:   manager.config.Domain,
+			SameSite: manager.config.CookieSameSite,
 		}
 	} else {
 		oldsid, _ := url.QueryUnescape(cookie.Value)