Centralize session options and adjust cookies
Configure session cookie options centrally in initRouter and remove per-login MaxAge handling. Deleted SetMaxAge helper and its use in the login flow; session.Options are now applied once using basePath with HttpOnly and SameSite defaults, and MaxAge is set only when the stored setting is available and >0. Also make CookieManager.setCookie treat exdays as optional (only add expires when provided) and stop using a hardcoded 150-day expiry for the lang cookie in the JS language manager. Co-Authored-By: Alireza Ahmadi <alireza7@gmail.com>
@@ -31,18 +31,6 @@ func SetLoginUser(c *gin.Context, user *model.User) {
|
||||
s.Set(loginUserKey, *user)
|
||||
}
|
||||
|
||||
// SetMaxAge configures the session cookie maximum age in seconds.
|
||||
// This controls how long the session remains valid before requiring re-authentication.
|
||||
func SetMaxAge(c *gin.Context, maxAge int) {
|
||||
s := sessions.Default(c)
|
||||
s.Options(sessions.Options{
|
||||
Path: defaultPath,
|
||||
MaxAge: maxAge,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
})
|
||||
}
|
||||
|
||||
// GetLoginUser retrieves the authenticated user from the session.
|
||||
// Returns nil if no user is logged in or if the session data is invalid.
|
||||
func GetLoginUser(c *gin.Context) *model.User {
|
||||
|
||||