From 138eb64e525cacdf894f652d9e851d5a14ec6645 Mon Sep 17 00:00:00 2001
From: Las Zenow <zenow@riseup.net>
Date: Thu, 3 Dec 2020 16:26:30 +0000
Subject: [PATCH] Set SameSite to strict on the session cookie

---
 lib/session.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/session.go b/lib/session.go
index b3087b4..eb68372 100644
--- a/lib/session.go
+++ b/lib/session.go
@@ -10,7 +10,12 @@ import (
 	"gitlab.com/trantor/trantor/lib/database"
 )
 
-var sesStore = sessions.NewCookieStore([]byte(os.Getenv("SESSION_KEY")))
+var sesStore *sessions.CookieStore
+
+func init() {
+	sesStore = sessions.NewCookieStore([]byte(os.Getenv("SESSION_KEY")))
+	sesStore.Options.SameSite = http.SameSiteStrictMode
+}
 
 type Notification struct {
 	Title string