[0.5.0] Add `secure`, `httpOnly`, and `strict` site attributes to cookies
@@ -120,8 +120,11 @@ func NewStore(repo *repository.Repository, conf config.ServerConf) (*PGStore, er
dbStore := &PGStore{
Codecs: securecookie.CodecsFromPairs(keyPairs...),
Options: &sessions.Options{
- Path: "/",
- MaxAge: 86400 * 30,
+ Path: "/",
+ MaxAge: 86400 * 30,
+ Secure: true,
+ HttpOnly: true,
+ SameSite: http.SameSiteStrictMode,
},
Repo: repo,
}
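Review bot: `Secure: true` is hard-coded in the `sessions.Options` literal, so on any deployment reached over plain HTTP (for example an internal listener without TLS) browsers will generally not send the session cookie back and login will fail without an error. Since `conf` is already a parameter of NewStore, consider deriving the flag from it, or at least state the requirement next to the field: `// Secure: the site must be served over HTTPS, otherwise the session cookie is not returned.` `http.SameSiteStrictMode` also withholds the cookie on top-level navigations that originate on another site, so a user following an external link or coming back from a third-party login redirect will look logged out on the first request; confirm no such flow exists, or use `http.SameSiteLaxMode` if one does. These are store-level defaults, so a handler elsewhere that assigns a fresh `sessions.Options` to a session (not visible here) would drop all three attributes. NewStore's body starts and ends outside the hunk.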