fix: update setting cookie in

B-urb · May 4, 2024 · 4f204cf · 4f204cf
1 parent c81a7d7
commit 4f204cf
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/Readme.md b/Readme.md
@@ -21,6 +21,7 @@ Embarking on a secure journey in Kubernetes.
 - Node.js and npm
 - Kubernetes cluster (for deployment)
 - Helm (for deployment)
+- traefik > 3.0
 
 ### Usage
 add annotation `` to your ingress

diff --git a/backend/internal/handlers/auth.go b/backend/internal/handlers/auth.go
@@ -98,6 +98,19 @@ func (h *Handler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 	}
 
 	session, _ := store.Get(r, "session-cook")
+	tld, err := extractMainDomain(r.Host)
+	if err != nil {
+		sendJSONError(w, "Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+	session.Options = &sessions.Options{
+		Path:     "/",                   // Available across the entire domain
+		MaxAge:   3600,                  // Expires after 1 hour
+		HttpOnly: true,                  // Not accessible via JavaScript
+		Secure:   true,                  // Only sent over HTTPS
+		SameSite: http.SameSiteNoneMode, // Controls cross-site request behavior
+		Domain:   tld,
+	}
 	session.Values["authenticated"] = true
 	session.Values["user"] = inputUser.Email
 	session.Save(r, w)