🚀 [Feature]: SessionOnly when cookie.Expires is 0 (#2152)

* feature: session only for zero expire cookie #2145

* refactor condition to set MaxAge and Expire on cookie

* move checking zero maxage and expire in session middleware

Signed-off-by: Yves Tumushimire <[email protected]>

* feature: session only for zero expire cookie #2145

* refactor condition to set MaxAge and Expire on cookie

* move checking zero maxage and expire in session middleware

Signed-off-by: Yves Tumushimire <[email protected]>

* CR changes

* some updates

---------

Signed-off-by: Yves Tumushimire <[email protected]>
Co-authored-by: Muhammed Efe Çetin <[email protected]>
Co-authored-by: René Werner <[email protected]>

ctx_test.go

@@ -721,6 +721,14 @@ func Test_Ctx_Cookie(t *testing.T) {
 	cookie.MaxAge = 10000
 	c.Cookie(cookie)
 	utils.AssertEqual(t, expect, string(c.Response().Header.Peek(HeaderSetCookie)))
+
+	expect = "username=john; path=/; secure; SameSite=None"
+	// should remove expires and max-age headers when no expire and no MaxAge (default time)
+	cookie.SessionOnly = false
+	cookie.Expires = time.Time{}
+	cookie.MaxAge = 0
+	c.Cookie(cookie)
+	utils.AssertEqual(t, expect, string(c.Response().Header.Peek(HeaderSetCookie)))
 }
 
 // go test -v -run=^$ -bench=Benchmark_Ctx_Cookie -benchmem -count=4

docs/api/middleware/session.md

@@ -134,6 +134,11 @@ type Config struct {
 	// Optional. Default value "Lax".
 	CookieSameSite string
 
+	// Decides whether cookie should last for only the browser sesison.
+	// Ignores Expiration if set to true
+	// Optional. Default value false.
+	CookieSessionOnly bool
+
 	// KeyGenerator generates the session key.
 	// Optional. Default value utils.UUID
 	KeyGenerator func() string

middleware/session/config.go

@@ -46,6 +46,11 @@ type Config struct {
 	// Optional. Default value "Lax".
 	CookieSameSite string
 
+	// Decides whether cookie should last for only the browser sesison.
+	// Ignores Expiration if set to true
+	// Optional. Default value false.
+	CookieSessionOnly bool
+
 	// KeyGenerator generates the session key.
 	// Optional. Default value utils.UUIDv4
 	KeyGenerator func() string

middleware/session/session.go

@@ -197,8 +197,12 @@ func (s *Session) setSession() {
 		fcookie.SetValue(s.id)
 		fcookie.SetPath(s.config.CookiePath)
 		fcookie.SetDomain(s.config.CookieDomain)
-		fcookie.SetMaxAge(int(s.exp.Seconds()))
-		fcookie.SetExpire(time.Now().Add(s.exp))
+		// Cookies are also session cookies if they do not specify the Expires or Max-Age attribute.
+		// refer: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
+		if !s.config.CookieSessionOnly {
+			fcookie.SetMaxAge(int(s.exp.Seconds()))
+			fcookie.SetExpire(time.Now().Add(s.exp))
+		}
 		fcookie.SetSecure(s.config.CookieSecure)
 		fcookie.SetHTTPOnly(s.config.CookieHTTPOnly)