From 81547393f870a35be888759a606ba7bf71dbe5c7 Mon Sep 17 00:00:00 2001
From: Matt Silverlock <matt@eatsleeprepeat.net>
Date: Mon, 3 Sep 2018 08:45:04 -0700
Subject: [PATCH] Adds support for SameSite cookie attribute (#165)

---
 options.go       | 18 ++++++++++++++++++
 options_go111.go | 22 ++++++++++++++++++++++
 sessions.go      | 17 -----------------
 3 files changed, 40 insertions(+), 17 deletions(-)
 create mode 100644 options.go
 create mode 100644 options_go111.go

diff --git a/options.go b/options.go
new file mode 100644
index 0000000..38ba72f
--- /dev/null
+++ b/options.go
@@ -0,0 +1,18 @@
+// +build !go1.11
+
+package sessions
+
+// Options stores configuration for a session or session store.
+//
+// Fields are a subset of http.Cookie fields.
+type Options struct {
+	Path   string
+	Domain string
+	// MaxAge=0 means no Max-Age attribute specified and the cookie will be
+	// deleted after the browser session ends.
+	// MaxAge<0 means delete cookie immediately.
+	// MaxAge>0 means Max-Age attribute present and given in seconds.
+	MaxAge   int
+	Secure   bool
+	HttpOnly bool
+}
diff --git a/options_go111.go b/options_go111.go
new file mode 100644
index 0000000..388112a
--- /dev/null
+++ b/options_go111.go
@@ -0,0 +1,22 @@
+// +build go1.11
+
+package sessions
+
+import "net/http"
+
+// Options stores configuration for a session or session store.
+//
+// Fields are a subset of http.Cookie fields.
+type Options struct {
+	Path   string
+	Domain string
+	// MaxAge=0 means no Max-Age attribute specified and the cookie will be
+	// deleted after the browser session ends.
+	// MaxAge<0 means delete cookie immediately.
+	// MaxAge>0 means Max-Age attribute present and given in seconds.
+	MaxAge   int
+	Secure   bool
+	HttpOnly bool
+	// Defaults to http.SameSiteDefaultMode
+	SameSite http.SameSite
+}
diff --git a/sessions.go b/sessions.go
index 9870e31..2fcdf51 100644
--- a/sessions.go
+++ b/sessions.go
@@ -16,23 +16,6 @@ import (
 // Default flashes key.
 const flashesKey = "_flash"
 
-// Options --------------------------------------------------------------------
-
-// Options stores configuration for a session or session store.
-//
-// Fields are a subset of http.Cookie fields.
-type Options struct {
-	Path   string
-	Domain string
-	// MaxAge=0 means no Max-Age attribute specified and the cookie will be
-	// deleted after the browser session ends.
-	// MaxAge<0 means delete cookie immediately.
-	// MaxAge>0 means Max-Age attribute present and given in seconds.
-	MaxAge   int
-	Secure   bool
-	HttpOnly bool
-}
-
 // Session --------------------------------------------------------------------
 
 // NewSession is called by session stores to create a new session instance.