From c188056f64be268dda8f7c16e23f7ef9c90d014f Mon Sep 17 00:00:00 2001
From: MHSanaei
Date: Mon, 20 Apr 2026 14:00:18 +0200
Subject: Centralize session options and adjust cookies
Configure session cookie options centrally in initRouter and remove per-login MaxAge handling. Deleted SetMaxAge helper and its use in the login flow; session.Options are now applied once using basePath with HttpOnly and SameSite defaults, and MaxAge is set only when the stored setting is available and >0. Also make CookieManager.setCookie treat exdays as optional (only add expires when provided) and stop using a hardcoded 150-day expiry for the lang cookie in the JS language manager.
Co-Authored-By: Alireza Ahmadi
---
 web/controller/index.go | 6 ------
 1 file changed, 6 deletions(-)
(limited to 'web/controller/index.go')
diff --git a/web/controller/index.go b/web/controller/index.go
index dd58e5e5..1325bed5 100644
--- a/web/controller/index.go
+++ b/web/controller/index.go
@@ -95,12 +95,6 @@ func (a *IndexController) login(c *gin.Context) {
 logger.Infof("%s logged in successfully, Ip Address: %s\n", safeUser, getRemoteIp(c))
 a.tgbot.UserLoginNotify(safeUser, ``, getRemoteIp(c), timeStr, 1)
- sessionMaxAge, err := a.settingService.GetSessionMaxAge()
- if err != nil {
- logger.Warning("Unable to get session's max age from DB")
- }
-
- session.SetMaxAge(c, sessionMaxAge*60)
 session.SetLoginUser(c, user)
 if err := sessions.Default(c).Save(); err != nil {
 logger.Warning("Unable to save session: ", err)
--
cgit v1.2.3