From 8f96251f949ee4649058e131b70f0b59c2b8c6a5 Mon Sep 17 00:00:00 2001
From: Oliver Booth
Date: Sun, 25 Feb 2024 16:00:15 +0000
Subject: [PATCH] feat: add secure and samesite policy for sid

---
 OliverBooth/Services/SessionService.cs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/OliverBooth/Services/SessionService.cs b/OliverBooth/Services/SessionService.cs
index ab1a2ae..9ee415c 100644
--- a/OliverBooth/Services/SessionService.cs
+++ b/OliverBooth/Services/SessionService.cs
@@ -98,7 +98,12 @@ internal sealed class SessionService : BackgroundService, ISessionService
 IPAddress? remoteIpAddress = response.HttpContext.Connection.RemoteIpAddress;
 _logger.LogDebug("Writing cookie 'sid' to HTTP response for {RemoteAddr}", remoteIpAddress);

- response.Cookies.Append("sid", Convert.ToBase64String(buffer), new CookieOptions { Expires = DateTimeOffset.UtcNow + TimeSpan.FromDays(30) });
+ response.Cookies.Append("sid", Convert.ToBase64String(buffer), new CookieOptions
+ {
+ Expires = DateTimeOffset.UtcNow + TimeSpan.FromDays(30),
+ Secure = true,
+ SameSite = SameSiteMode.Strict
+ });
 }

 ///
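Review bot: The new `CookieOptions` initializer for `sid` sets `Secure` and `SameSite` but leaves `HttpOnly` at its default of false, so the session identifier stays readable from page script and a script-injection flaw anywhere on the site would expose it. Unless a cookie-policy middleware outside this hunk already enforces it, or client script genuinely needs to read `sid`, add `HttpOnly = true,` next to `Secure = true,`. `SameSiteMode.Strict` also withholds the cookie on top-level navigations from other sites, so a signed-in visitor following an external link looks signed out on the first request; a one-line comment such as `// Strict: sid is intentionally not sent on cross-site navigations` would record that this is deliberate. The enclosing method begins outside the hunk, so how `buffer` is produced cannot be checked from here.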