From c0a4637787b552fe974c39da7bad5176e794ed8f Mon Sep 17 00:00:00 2001
From: Takanori Hirano
Date: Wed, 20 Aug 2025 13:23:12 +0000
Subject: [PATCH] feat: improve session security with HttpOnly and MaxAge options

Add HttpOnly flag to prevent XSS attacks on session cookies and set MaxAge to 3600 seconds (1 hour) for better session management
---
 pkg/mcp-proxy/main.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/mcp-proxy/main.go b/pkg/mcp-proxy/main.go
index efe732a..a8a0c48 100644
--- a/pkg/mcp-proxy/main.go
+++ b/pkg/mcp-proxy/main.go
@@ -207,6 +207,10 @@ func Run(
 	router.Use(ginzap.Ginzap(logger, time.RFC3339, true))
 	router.Use(ginzap.RecoveryWithZap(logger, true))
 	store := cookie.NewStore(secret)
+	store.Options(sessions.Options{
+		MaxAge: 3600,
+		HttpOnly: true,
+	})
 	router.Use(sessions.Sessions("session", store))
 	authRouter.SetupRoutes(router)
 	idpRouter.SetupRoutes(router)
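Review bot: The new `sessions.Options` literal leaves `Secure` and `SameSite` unset, so the session cookie is still sent over plaintext HTTP and attached to cross-site requests, which undercuts the hardening this commit is going for; add `Secure: true, SameSite: http.SameSiteLaxMode` (or Strict, if the auth/IdP flows tolerate it) alongside `HttpOnly`, making `Secure` configurable only if some deployments intentionally serve the proxy without TLS. Because `store.Options` replaces the store's whole option set, the default cookie `Path` is presumably dropped as well — add `Path: "/"` explicitly so the session is not scoped to whichever path first set it; worth confirming against the gin-contrib/sessions cookie store. Note also that `HttpOnly` does not prevent XSS as the commit message says, it only stops injected script from reading the cookie, so I'd phrase it as limiting cookie theft. `Run` starts before this hunk, so I can't see whether `net/http` is already imported for the SameSite constant.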