fix cookie defaults

2025-04-01 11:56:57 -05:00 · 2025-04-01 11:56:57 -05:00 · d34ef94ad7
commit d34ef94ad7
parent d516147238
1 changed files with 7 additions and 8 deletions
--- a/core/runner/Cookies.go
+++ b/core/runner/Cookies.go
@ -117,23 +117,22 @@ local cookie = {
        if opts.expires then
            if type(opts.expires) == "number" then
                if opts.expires > 0 then
-                    -- Add seconds to current time
                    cookie.max_age = opts.expires
                    local now = os.time()
                    cookie.expires = now + opts.expires
                elseif opts.expires < 0 then
-                    -- Session cookie (default)
-                else
-                    -- Expire immediately
-                    cookie.expires = 0
+                    cookie.expires = 1
                    cookie.max_age = 0
+                else
+                    -- opts.expires == 0: Session cookie
+                    -- Do nothing (omitting both expires and max-age creates a session cookie)
                end
            end
        end

-        -- Set flags (http_only defaults to true)
-        cookie.secure = opts.secure or false
-        cookie.http_only = (opts.http_only ~= false) -- Default to true unless explicitly set to false
+        -- Security flags
+        cookie.secure = (opts.secure ~= false)
+        cookie.http_only = (opts.http_only ~= false)

        -- Store in cookies table
        local n = #resp.cookies + 1