feat: improve session security with HttpOnly and MaxAge options (#46)

Add HttpOnly flag to prevent XSS attacks on session cookies and set MaxAge to 3600 seconds (1 hour) for better session management

Author: hrntknr

pkg/mcp-proxy/main.go

@@ -207,6 +207,10 @@ func Run(
 	router.Use(ginzap.Ginzap(logger, time.RFC3339, true))
 	router.Use(ginzap.RecoveryWithZap(logger, true))
 	store := cookie.NewStore(secret)
+	store.Options(sessions.Options{
+		MaxAge:   3600,
+		HttpOnly: true,
+	})
 	router.Use(sessions.Sessions("session", store))
 	authRouter.SetupRoutes(router)
 	idpRouter.SetupRoutes(router)