Diffstat (limited to 'internal/auth/auth.go')
-rw-r--r-- | internal/auth/auth.go | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 920c5d12..77bc7d8e 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -35,6 +35,7 @@ const (
 tokenContentTemplate = "client_id=%s&client_secret=%s&code=%s&grant_type=authorization_code&redirect_uri=%s"
 callbackPath = "/auth"
 authorizeProxyTemplate = "%s?domain=%s&state=%s"
+ authSessionMaxAge = 60 * 10 // 10 minutes
 )
 var (
@@ -75,10 +76,10 @@ func (a *Auth) getSessionFromStore(r *http.Request) (*sessions.Session, error) {
 if session != nil {
 // Cookie just for this domain
- session.Options = &sessions.Options{
- Path: "/",
- HttpOnly: true,
- }
+ session.Options.Path = "/"
+ session.Options.HttpOnly = true
+ session.Options.Secure = request.IsHTTPS(r)
+ session.Options.MaxAge = authSessionMaxAge
 }
 return session, err
@@ -582,7 +583,6 @@ func createCookieStore(storeSecret string) sessions.Store {
 // New when authentication supported this will be used to create authentication handler
 func New(pagesDomain string, storeSecret string, clientID string, clientSecret string, redirectURI string, gitLabServer string) *Auth {
-
 return &Auth{
 pagesDomain: pagesDomain,
 clientID: clientID, |
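Review bot: `session.Options.MaxAge = authSessionMaxAge` in the getSessionFromStore hunk only sets the Max-Age attribute on the cookie, which the browser enforces, so it does not by itself bound how long the server will accept a presented session cookie. With a gorilla cookie store the server-side age check is done by the securecookie codec, whose limit is configured separately; createCookieStore is outside this hunk, so confirm it applies the same limit, e.g. `store.MaxAge(authSessionMaxAge)` on the `*sessions.CookieStore`, otherwise a copied cookie would presumably still validate after the ten minutes. Separately, `Secure` now follows `request.IsHTTPS(r)`, so a comment stating how that helper decides behind a TLS-terminating proxy would help, e.g. `// Secure only when the client-facing connection is HTTPS; see request.IsHTTPS`. getSessionFromStore starts and ends outside the hunk.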