
Sessions & Security

Cookie session configuration and auth middleware behavior in Snare.


Session Store

Snare configures cookie-backed sessions using:

  • gin-contrib/sessions
  • gin-contrib/sessions/cookie

The session name is mysession.

Current route registration sets:

  • MaxAge: 3600 seconds
  • Path: /
  • HttpOnly: true
  • SameSite: Strict

Middleware Behavior

Protected endpoints use the AuthRequired middleware.

When session user data is missing, the middleware:

  • Redirects to /auth/login
  • Aborts request handling

Hardening Notes

  • Set Secure: true in production (HTTPS)
  • Rotate session secret and store it in environment config
  • Add CSRF protections at app or proxy layer
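
A way to verify these settings from the outside, as an added example that is not part of Snare's code: it parses a response's Set-Cookie header with the Go standard library and reports where the mysession cookie deviates from the options listed above and from the Secure hardening note. The function name auditSessionCookie and the sample header values are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
)

// auditSessionCookie parses the Set-Cookie headers of a response and lists
// where the named cookie deviates from the documented settings (Path /,
// MaxAge 3600, HttpOnly, SameSite Strict) and from the Secure hardening note.
func auditSessionCookie(h http.Header, name string) []string {
	resp := http.Response{Header: h}
	for _, c := range resp.Cookies() {
		if c.Name != name {
			continue
		}
		findings := []string{}
		if !c.Secure {
			findings = append(findings, "Secure not set")
		}
		if !c.HttpOnly {
			findings = append(findings, "HttpOnly not set")
		}
		if c.SameSite != http.SameSiteStrictMode {
			findings = append(findings, "SameSite is not Strict")
		}
		if c.Path != "/" {
			findings = append(findings, "Path is not /")
		}
		// Parsed MaxAge is 0 when the attribute is absent and -1 for Max-Age=0.
		if c.MaxAge <= 0 || c.MaxAge > 3600 {
			findings = append(findings, "Max-Age outside 1..3600")
		}
		return findings
	}
	return []string{"cookie " + name + " not found"}
}

func main() {
	// Constructed Set-Cookie values; the cookie value is a placeholder.
	current := http.Header{"Set-Cookie": {"mysession=PLACEHOLDER; Path=/; Max-Age=3600; HttpOnly; SameSite=Strict"}}
	hardened := http.Header{"Set-Cookie": {"mysession=PLACEHOLDER; Path=/; Max-Age=3600; HttpOnly; Secure; SameSite=Strict"}}
	fmt.Println("documented settings:", auditSessionCookie(current, "mysession"))
	fmt.Println("with Secure: true:  ", auditSessionCookie(hardened, "mysession"))
}
```

Run against the login response of a deployed instance, an empty result means the cookie matches the documented options with Secure enabled.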