In the taxonomy server there is a hardcoded string used as the session encryption key.
It is the same string that appears in the documentation of the scs library, so chances are high that attackers already try this value to defeat the session management.
var sessionManager = scs.NewCookieManager("u46IpCV9y5Vlur8YvODJEhgOY8m9JVE4")
Also, the session manager is not running in secure mode (the Secure flag is never set on the session cookie).
We need to uncomment the following line and test the service.
//sessionManager.Secure(true)
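One way to keep the documented example key out of the build is to load the key from the environment and refuse to start when it is missing, too short, or equal to the value from the scs docs. This is an added example, not code from the taxonomy server; the environment variable name TAXONOMY_SESSION_KEY is an assumption, and the scs call at the end is shown only as a comment.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
)

// The key copied verbatim from the scs documentation (the value in the issue).
// Any configured key equal to it is treated as public and rejected.
const leakedDocKey = "u46IpCV9y5Vlur8YvODJEhgOY8m9JVE4"

// Shortest key accepted, matching the 32-character key the server used.
const minKeyLen = 32

var ErrMissingKey = errors.New("session key not configured")
var ErrWeakKey = errors.New("session key is the documented example value")
var ErrShortKey = errors.New("session key too short")

// loadSessionKey reads the key via getenv (os.Getenv in production; assumed
// variable name TAXONOMY_SESSION_KEY) and rejects known-bad values.
func loadSessionKey(getenv func(string) string) (string, error) {
	key := getenv("TAXONOMY_SESSION_KEY")
	switch {
	case key == "":
		return "", ErrMissingKey
	case key == leakedDocKey:
		return "", ErrWeakKey
	case len(key) < minKeyLen:
		return "", ErrShortKey
	}
	return key, nil
}

// newRandomKey returns 32 random bytes, base64-encoded (43 characters), for
// the operator to store in the environment instead of a literal in the source.
func newRandomKey() (string, error) {
	b := make([]byte, minKeyLen)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawStdEncoding.EncodeToString(b), nil
}

func main() {
	key, err := loadSessionKey(os.Getenv)
	if err != nil {
		fresh, _ := newRandomKey()
		fmt.Fprintf(os.Stderr, "refusing to start: %v (a fresh key: %s)\n", err, fresh)
		os.Exit(1)
	}
	_ = key // sessionManager := scs.NewCookieManager(key); sessionManager.Secure(true)
}
```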