Select Git revision
-
ale authoredThe login handler is now a simpler, standalone http.Handler wrapper. The separation between the SSO application and the login handler is now fairly complete. The login handler no longer forces the user to a specific workflow via session cookies, but it works on a request-by-request basis instead, which makes the "back" button works as expected (allowing the user to bail out of a broken 2FA process, for example). Session handling has been simplified as well: there is a single session for authentication and login state, which should remove the opportunity for session synchronization errors.
ale authoredThe login handler is now a simpler, standalone http.Handler wrapper. The separation between the SSO application and the login handler is now fairly complete. The login handler no longer forces the user to a specific workflow via session cookies, but it works on a request-by-request basis instead, which makes the "back" button works as expected (allowing the user to bail out of a broken 2FA process, for example). Session handling has been simplified as well: there is a single session for authentication and login state, which should remove the opportunity for session synchronization errors.
options.go 478 B
// +build !go1.11
package sessions
// Options stores configuration for a session or session store.
//
// Fields are a subset of http.Cookie fields.
type Options struct {
Path string
Domain string
// MaxAge=0 means no Max-Age attribute specified and the cookie will be
// deleted after the browser session ends.
// MaxAge<0 means delete cookie immediately.
// MaxAge>0 means Max-Age attribute present and given in seconds.
MaxAge int
Secure bool
HttpOnly bool
}