Allow Sessions to support secure cookie settings (#211)

Signed-off-by: Jacob Torrey <[email protected]>
planety · Feb 24, 2023 · efb1284 · efb1284
1 parent ab0a5b4
commit efb1284
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/src/prologue/middlewares/sessions/memorysession.nim b/src/prologue/middlewares/sessions/memorysession.nim
@@ -21,7 +21,8 @@ proc sessionMiddleware*(
   path = "",
   domain = "",
   sameSite = Lax,
-  httpOnly = false
+  httpOnly = false,
+  secure = false
 ): HandlerAsync =
 
   var memorySessionTable = newTable[string, Session]()
@@ -38,7 +39,7 @@ proc sessionMiddleware*(
       data = urlsafeBase64Encode(randomBytesSeq(16))
       ctx.setCookie(sessionName, data, 
               maxAge = some(maxAge), path = path, domain = domain, 
-              sameSite = sameSite, httpOnly = httpOnly)
+              sameSite = sameSite, httpOnly = httpOnly, secure = secure)
       memorySessionTable[data] = ctx.session
 
     await switch(ctx)

diff --git a/src/prologue/middlewares/sessions/redissession.nim b/src/prologue/middlewares/sessions/redissession.nim
@@ -30,7 +30,8 @@ proc sessionMiddleware*(
   path = "",
   domain = "",
   sameSite = Lax,
-  httpOnly = false
+  httpOnly = false,
+  secure = false
 ): HandlerAsync =
 
   var redisClient = waitFor openAsync()
@@ -53,7 +54,7 @@ proc sessionMiddleware*(
       data = genUid()
       ctx.setCookie(sessionName, data, 
               maxAge = some(maxAge), path = path, domain = domain, 
-              sameSite = sameSite, httpOnly = httpOnly)
+              sameSite = sameSite, httpOnly = httpOnly, secure = secure)
 
     await switch(ctx)
 

diff --git a/src/prologue/middlewares/sessions/signedcookiesession.nim b/src/prologue/middlewares/sessions/signedcookiesession.nim
@@ -24,7 +24,8 @@ proc sessionMiddleware*(
   path = "",
   domain = "",
   sameSite = Lax,
-  httpOnly = false
+  httpOnly = false,
+  secure = false
 ): HandlerAsync =
 
   var secretKey = settings["prologue"].getOrDefault("secretKey").getStr
@@ -69,4 +70,4 @@ proc sessionMiddleware*(
     if ctx.session.modified:
       ctx.setCookie(sessionName, signer.sign(dumps(ctx.session)), 
                     maxAge = some(maxAge), path = path, domain = domain, 
-                    sameSite = sameSite, httpOnly = httpOnly)
+                    sameSite = sameSite, httpOnly = httpOnly, secure = secure)