From 26208a53e6e6443674c68dac3fb27bf79d0de76a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vin=C3=ADcio=20Augusto?= <vinicioasn@gmail.com>
Date: Tue, 15 Sep 2020 18:05:33 -0300
Subject: [PATCH] session: adds CookieSameSite to ManagerConfig

---
 session/session.go | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/session/session.go b/session/session.go
index eb85360a..4532a959 100644
--- a/session/session.go
+++ b/session/session.go
@@ -92,20 +92,21 @@ func GetProvider(name string) (Provider, error) {
 
 // ManagerConfig define the session config
 type ManagerConfig struct {
-	CookieName              string `json:"cookieName"`
-	EnableSetCookie         bool   `json:"enableSetCookie,omitempty"`
-	Gclifetime              int64  `json:"gclifetime"`
-	Maxlifetime             int64  `json:"maxLifetime"`
-	DisableHTTPOnly         bool   `json:"disableHTTPOnly"`
-	Secure                  bool   `json:"secure"`
-	CookieLifeTime          int    `json:"cookieLifeTime"`
-	ProviderConfig          string `json:"providerConfig"`
-	Domain                  string `json:"domain"`
-	SessionIDLength         int64  `json:"sessionIDLength"`
-	EnableSidInHTTPHeader   bool   `json:"EnableSidInHTTPHeader"`
-	SessionNameInHTTPHeader string `json:"SessionNameInHTTPHeader"`
-	EnableSidInURLQuery     bool   `json:"EnableSidInURLQuery"`
-	SessionIDPrefix         string `json:"sessionIDPrefix"`
+	CookieName              string        `json:"cookieName"`
+	EnableSetCookie         bool          `json:"enableSetCookie,omitempty"`
+	Gclifetime              int64         `json:"gclifetime"`
+	Maxlifetime             int64         `json:"maxLifetime"`
+	DisableHTTPOnly         bool          `json:"disableHTTPOnly"`
+	Secure                  bool          `json:"secure"`
+	CookieLifeTime          int           `json:"cookieLifeTime"`
+	ProviderConfig          string        `json:"providerConfig"`
+	Domain                  string        `json:"domain"`
+	SessionIDLength         int64         `json:"sessionIDLength"`
+	EnableSidInHTTPHeader   bool          `json:"EnableSidInHTTPHeader"`
+	SessionNameInHTTPHeader string        `json:"SessionNameInHTTPHeader"`
+	EnableSidInURLQuery     bool          `json:"EnableSidInURLQuery"`
+	SessionIDPrefix         string        `json:"sessionIDPrefix"`
+	CookieSameSite          http.SameSite `json:"cookieSameSite"`
 }
 
 // Manager contains Provider and its configuration.
@@ -232,6 +233,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
 		HttpOnly: !manager.config.DisableHTTPOnly,
 		Secure:   manager.isSecure(r),
 		Domain:   manager.config.Domain,
+		SameSite: manager.config.CookieSameSite,
 	}
 	if manager.config.CookieLifeTime > 0 {
 		cookie.MaxAge = manager.config.CookieLifeTime
@@ -271,7 +273,9 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
 			HttpOnly: !manager.config.DisableHTTPOnly,
 			Expires:  expiration,
 			MaxAge:   -1,
-			Domain:   manager.config.Domain}
+			Domain:   manager.config.Domain,
+			SameSite: manager.config.CookieSameSite,
+		}
 
 		http.SetCookie(w, cookie)
 	}
@@ -306,6 +310,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 			HttpOnly: !manager.config.DisableHTTPOnly,
 			Secure:   manager.isSecure(r),
 			Domain:   manager.config.Domain,
+			SameSite: manager.config.CookieSameSite,
 		}
 	} else {
 		oldsid, _ := url.QueryUnescape(cookie.Value)