I am using gin with gin-contrib/sessions for session management. With this session management package, session cookie is going in the response, but I am not able set “domain” in the cookie due to some bug in gin-contrib/sessions. Is there any other package that can be used for session management, but allows to set “domain” in the session cookie?
Setting the cookie domain to “bar.com” makes the cookie accessible from its subdomains like “foo.bar.com” and “baz.bar.com”. Setting it to a subdomain such as “foo.bar.com” makes the cookie accessible only on that subdomain.
I am following the same approach, but instead of cookies package, I am using Redis for storing the session. At my end, it doesn’t work with Redis, Set-Cookie in HTTP response contains: Set-Cookie: mysession=; Domain=dev.com i.e. mysession is empty. It works fine for me if I use cookie store.
Please have a look at the following code, does it work for you?
Since we are passing a new sessions.Options{} struct and the MaxAge was not set an explicit value, it uses a zero-value instead, overwriting the default that was set when the store was created, possibly causing the MaxAge to be set to zero and automatically expiring your session:
Try specifying a MaxAge for session expiration along with the domain. MaxAge default used by the lib was set to 30 days, so you can use that.