7d6a4243c1
This ensures that session cookies are not expiring before the session is cleaned up from the database as per CLEANUP_REMOVE_SESSIONS_DAYS. As of now the usefulness of this configuration option is diminished as extending it has no effect on the actual browser session due to the cookie expiry. Fixes: #2214
51 lines
1.1 KiB
Go
51 lines
1.1 KiB
Go
// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package cookie // import "miniflux.app/v2/internal/http/cookie"
|
|
|
|
import (
|
|
"net/http"
|
|
"time"
|
|
|
|
"miniflux.app/v2/internal/config"
|
|
)
|
|
|
|
// Cookie names.
|
|
const (
|
|
CookieAppSessionID = "MinifluxAppSessionID"
|
|
CookieUserSessionID = "MinifluxUserSessionID"
|
|
)
|
|
|
|
// New creates a new cookie.
|
|
func New(name, value string, isHTTPS bool, path string) *http.Cookie {
|
|
return &http.Cookie{
|
|
Name: name,
|
|
Value: value,
|
|
Path: basePath(path),
|
|
Secure: isHTTPS,
|
|
HttpOnly: true,
|
|
Expires: time.Now().Add(time.Duration(config.Opts.CleanupRemoveSessionsDays()) * 24 * time.Hour),
|
|
SameSite: http.SameSiteLaxMode,
|
|
}
|
|
}
|
|
|
|
// Expired returns an expired cookie.
|
|
func Expired(name string, isHTTPS bool, path string) *http.Cookie {
|
|
return &http.Cookie{
|
|
Name: name,
|
|
Value: "",
|
|
Path: basePath(path),
|
|
Secure: isHTTPS,
|
|
HttpOnly: true,
|
|
MaxAge: -1,
|
|
Expires: time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC),
|
|
SameSite: http.SameSiteLaxMode,
|
|
}
|
|
}
|
|
|
|
func basePath(path string) string {
|
|
if path == "" {
|
|
return "/"
|
|
}
|
|
return path
|
|
}
|