Harden session cookie security

Forceu · Forceu · commit 86370914b02e · 2026-03-03T20:14:39.000+01:00
diff --git a/internal/webserver/authentication/sessionmanager/SessionManager.go b/internal/webserver/authentication/sessionmanager/SessionManager.go
@@ -87,6 +87,7 @@ func writeSessionCookie(w http.ResponseWriter, sessionString string, expiry time
 		Name:     "session_token",
 		Value:    sessionString,
 		Expires:  expiry,
+		HttpOnly: true,
 		SameSite: http.SameSiteLaxMode,
 	}
 	http.SetCookie(w, c)

Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,7 @@ func writeSessionCookie(w http.ResponseWriter, sessionString string, expiry time`
`87`	`87`	`Name: "session_token",`
`88`	`88`	`Value: sessionString,`
`89`	`89`	`Expires: expiry,`
	`90`	`+ HttpOnly: true,`
`90`	`91`	`SameSite: http.SameSiteLaxMode,`
`91`	`92`	`}`
`92`	`93`	`http.SetCookie(w, c)`