(r *http.Request, token string, expiresAt time.Time)
| 398 | } |
| 399 | |
| 400 | func (s *Server) sessionCookie(r *http.Request, token string, expiresAt time.Time) *http.Cookie { |
| 401 | cookie := &http.Cookie{ |
| 402 | Name: sessionCookieName, |
| 403 | Value: token, |
| 404 | Path: "/api", |
| 405 | HttpOnly: true, |
| 406 | SameSite: http.SameSiteStrictMode, |
| 407 | Expires: expiresAt, |
| 408 | } |
| 409 | if s.effectiveScheme(r) == "https" { |
| 410 | cookie.Secure = true |
| 411 | } |
| 412 | return cookie |
| 413 | } |
| 414 | |
| 415 | func (s *Server) clearSessionCookie(r *http.Request) *http.Cookie { |
| 416 | cookie := s.sessionCookie(r, "", time.Unix(0, 0)) |
no test coverage detected