// tokens are in cookies
// note: don't use an "Expires" in auth cookies bc browsers won't send expired cookies?
authCookie := http.Cookie{
Name: a.options.AuthTokenName,
Value: authTokenString,
Path: "/",
// Expires: time.Now().Add(a.options.AuthTokenValidTime),
HttpOnly: true,
Secure: !a.options.IsDevEnv,
}
http.SetCookie(w, &authCookie)
You've commented "Expires" and you're not setting "MaxAge" either:
MaxAge: int(a.options.AuthTokenValidTime.Seconds()),
adam-hanna
commented
2 years ago
// tokens are in cookies // note: don't use an "Expires" in auth cookies bc browsers won't send expired cookies? authCookie := http.Cookie{ Name: a.options.AuthTokenName, Value: authTokenString, Path: "/", // Expires: time.Now().Add(a.options.AuthTokenValidTime), HttpOnly: true, Secure: !a.options.IsDevEnv, } http.SetCookie(w, &authCookie)
You've commented "Expires" and you're not setting "MaxAge" either: MaxAge: int(a.options.AuthTokenValidTime.Seconds()),