Made by DeepSource

Audit Required: Insecure cookie for gin sessions GO-S1044

Category: Security | Severity: Major | Tag: A01 OWASP Top 10

A cookie carrying the Secure attribute instructs the browser to send it only over encrypted connections (HTTPS) and never in insecure contexts such as plain HTTP. Without that attribute a session cookie can be read off the wire by a man-in-the-middle (MITM) attacker and replayed to take over the session, so gin session stores should always be configured with Secure set to true.

Bad practice

package main

import (
    "github.com/gin-contrib/sessions"
)

// Secure: false lets the browser return the session cookie over plain HTTP,
// exposing it to interception on the network.
func foo(store sessions.Store) {
    store.Options(sessions.Options{Secure: false})
}

Recommended

package main

import (
    "github.com/gin-contrib/sessions"
)

// Secure: true restricts the session cookie to HTTPS connections.
func foo(store sessions.Store) {
    store.Options(sessions.Options{Secure: true})
}
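The following is an added example, not part of the DeepSource rule page or of gin-contrib/sessions. It shows what the Secure flag does at the HTTP level and gives a small audit routine a reviewer can run against recorded responses. It uses only the Go standard library: sessions.Options in gin-contrib/sessions carries the same cookie attributes (Path, MaxAge, Secure, HttpOnly, SameSite) and is ultimately written out as an http.Cookie, so sessionCookie below stands in for the session store; the cookie name and value are constructed sample data.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// sessionCookie builds the Set-Cookie an HTTP session store would emit for the
// given options. The fields mirror sessions.Options so the two can be compared.
// (Stand-in for the gin session store; not the library's own code.)
func sessionCookie(name, value string, secure bool) *http.Cookie {
	return &http.Cookie{
		Name:     name,
		Value:    value, // constructed sample session identifier
		Path:     "/",
		MaxAge:   3600,
		Secure:   secure,
		HttpOnly: true,                 // keep the cookie out of document.cookie
		SameSite: http.SameSiteLaxMode, // limit cross-site sending
	}
}

// AuditSetCookie inspects every Set-Cookie header on a response and returns the
// names of cookies that lack the Secure attribute. An empty result means every
// cookie on the response satisfies the GO-S1044 check.
func AuditSetCookie(h http.Header) []string {
	var insecure []string
	for _, raw := range h.Values("Set-Cookie") {
		parts := strings.Split(raw, ";")
		name := strings.TrimSpace(strings.SplitN(parts[0], "=", 2)[0])
		hasSecure := false
		for _, attr := range parts[1:] {
			if strings.EqualFold(strings.TrimSpace(attr), "Secure") {
				hasSecure = true
			}
		}
		if !hasSecure {
			insecure = append(insecure, name)
		}
	}
	return insecure
}

// ServeWithCookie records a response that sets a session cookie with the given
// Secure flag and returns its headers for inspection.
func ServeWithCookie(secure bool) http.Header {
	rec := httptest.NewRecorder()
	http.SetCookie(rec, sessionCookie("mysession", "opaque-session-id", secure))
	return rec.Header()
}

func main() {
	for _, secure := range []bool{false, true} {
		h := ServeWithCookie(secure)
		fmt.Printf("Secure=%v  Set-Cookie: %s\n", secure, h.Get("Set-Cookie"))
		fmt.Printf("  cookies missing Secure: %v\n", AuditSetCookie(h))
	}
}
```

With Secure set to false the audit reports "mysession"; with Secure set to true the Set-Cookie header carries the Secure attribute and the audit returns nothing. The same check can be pointed at a running gin application's responses to confirm that store.Options took effect.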
