SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity

Security and Session Hardening #9

New Issue
Open
opened 2025-10-23 21:49:10 +00:00 by H3ALY · 0 comments
H3ALY commented 2025-10-23 21:49:10 +00:00
Owner
Copy Link

Harden SCS config

  1. Set Secure, HttpOnly, SameSite cookies.
  2. Renew session on login.

Tune CSRF setup

  1. Configure nosurf base cookie properly.
  2. Inject CSRF tokens in forms.

Add rate-limiting middleware

  • Optional via Gin middleware.

Acceptance Criteria

  1. Session fixation impossible.
  2. Invalid CSRF tokens rejected with 403.
  3. Rate limiters functional.
**Harden SCS config** 1. Set Secure, HttpOnly, SameSite cookies. 2. Renew session on login. **Tune CSRF setup** 1. Configure nosurf base cookie properly. 2. Inject CSRF tokens in forms. **Add rate-limiting middleware** - Optional via Gin middleware. **Acceptance Criteria** 1. Session fixation impossible. 2. Invalid CSRF tokens rejected with 403. 3. Rate limiters functional.
H3ALY added this to the 🛠 In Progress project 2025-10-23 21:49:10 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
backend
bug
Something is not working
 duplicate
This issue or pull request already exists
 enhancement
New feature
 feature
frontend
help wanted
Need some help
 high-priority
invalid
Something is wrong
 low-priority
question
More information is needed
 security
UX
wontfix
This won't be fixed
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project 🛠 In Progress
Assignees
Clear assignees
H3ALY
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: SynLotto/website#9
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?