Gin is a widely used web framework in Go, offering powerful features to streamline website development. Among its many capabilities, handling sessions and cookies is a critical aspect for building functional web applications.This post highlights a behavior in the Gin framework that may not be immediately obvious or intuitive—the missing session cookie issue.So, what exactly is the missing session cookie issue? It occurs when a session is created and saved in one route but isn’t accessible in other routes. Additionally, the expected session cookie with the specified key is not prese...

Starting from Chrome 51, a new attribute SameSite has been introduced for browser cookie. This attribute is to prevent CSRF attack.Cookie is normally used to store data exchanged between client and server. It frequently stores user login information. If a malicious website can forge a HTTP request with the valid third party website cookie, it may be called a CSRF attack.For example, if a user logins to a bank website your-bank.com, the bank server responds a cookie:Set-Cookie:id=a3fWa;Later the user somehow visits malicious.com and there is a form on the website.<form action="your-bank...