From 311d11a3c1d0238816924d195fbb72372082ad9a Mon Sep 17 00:00:00 2001
From: mhsanaei <ho3ein.sanaei@gmail.com>
Date: Fri, 12 Sep 2025 13:04:36 +0200
Subject: [PATCH] cookie: MaxAge

and minor changes
---
 web/session/session.go |  3 +++
 web/web.go             | 20 +++++++++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/web/session/session.go b/web/session/session.go
index 13aedad8..c793c713 100644
--- a/web/session/session.go
+++ b/web/session/session.go
@@ -2,6 +2,7 @@ package session
 
 import (
 	"encoding/gob"
+	"net/http"
 
 	"x-ui/database/model"
 
@@ -32,6 +33,7 @@ func SetMaxAge(c *gin.Context, maxAge int) {
 		Path:     defaultPath,
 		MaxAge:   maxAge,
 		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
 	})
 }
 
@@ -61,5 +63,6 @@ func ClearSession(c *gin.Context) {
 		Path:     defaultPath,
 		MaxAge:   -1,
 		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
 	})
 }
diff --git a/web/web.go b/web/web.go
index 38eb24d6..35255104 100644
--- a/web/web.go
+++ b/web/web.go
@@ -31,7 +31,7 @@ import (
 	"github.com/robfig/cron/v3"
 )
 
-//go:embed assets/*
+//go:embed assets
 var assetsFS embed.FS
 
 //go:embed html/*
@@ -180,6 +180,15 @@ func (s *Server) initRouter() (*gin.Engine, error) {
 	assetsBasePath := basePath + "assets/"
 
 	store := cookie.NewStore(secret)
+	// Configure default session cookie options, including expiration (MaxAge)
+	if sessionMaxAge, err := s.settingService.GetSessionMaxAge(); err == nil {
+		store.Options(sessions.Options{
+			Path:     "/",
+			MaxAge:   sessionMaxAge * 60, // minutes -> seconds
+			HttpOnly: true,
+			SameSite: http.SameSiteLaxMode,
+		})
+	}
 	engine.Use(sessions.Sessions("3x-ui", store))
 	engine.Use(func(c *gin.Context) {
 		c.Set("base_path", basePath)
@@ -201,7 +210,11 @@ func (s *Server) initRouter() (*gin.Engine, error) {
 	i18nWebFunc := func(key string, params ...string) string {
 		return locale.I18n(locale.Web, key, params...)
 	}
-	engine.FuncMap["i18n"] = i18nWebFunc
+	// Register template functions before loading templates
+	funcMap := template.FuncMap{
+		"i18n": i18nWebFunc,
+	}
+	engine.SetFuncMap(funcMap)
 	engine.Use(locale.LocalizerMiddleware())
 
 	// set static files and template
@@ -211,11 +224,12 @@ func (s *Server) initRouter() (*gin.Engine, error) {
 		if err != nil {
 			return nil, err
 		}
+		// Use the registered func map with the loaded templates
 		engine.LoadHTMLFiles(files...)
 		engine.StaticFS(basePath+"assets", http.FS(os.DirFS("web/assets")))
 	} else {
 		// for production
-		template, err := s.getHtmlTemplate(engine.FuncMap)
+		template, err := s.getHtmlTemplate(funcMap)
 		if err != nil {
 			return nil, err
 		}