Skip to content

docs(examples): harden login_form session cookie#5662

Open
constantin-jais wants to merge 1 commit into
DioxusLabs:mainfrom
constantin-jais:docs/login-form-cookie-hardening
Open

docs(examples): harden login_form session cookie#5662
constantin-jais wants to merge 1 commit into
DioxusLabs:mainfrom
constantin-jais:docs/login-form-cookie-hardening

Conversation

@constantin-jais

Copy link
Copy Markdown

Summary

  • add HttpOnly, SameSite=Strict, and Path=/ to the login_form example session cookie
  • document adding Secure for HTTPS deployments

Validation

  • cargo check --example login_form

The example is the canonical reference for rolling session auth with
server functions, and it set the session id in a bare cookie: readable
from document.cookie (XSS token theft) and sent cross-site. Add
HttpOnly; SameSite=Strict; Path=/ and a comment pointing at Secure for
HTTPS deployments, so copy-pasted code starts from a safe baseline.

Claude-Session: https://claude.ai/code/session_015toc12d2m9EyacRBuFQuuZ
@constantin-jais constantin-jais requested a review from a team as a code owner July 3, 2026 08:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant