From 3f28e083e7e5de54475f52bcb38c7495ecc608a0 Mon Sep 17 00:00:00 2001
From: Aaron Lindsay <aaron@aclindsay.com>
Date: Tue, 5 Dec 2017 05:42:11 -0500
Subject: [PATCH] User insecure cookies to allow non-HTTPS sessions

---
 internal/handlers/sessions.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/handlers/sessions.go b/internal/handlers/sessions.go
index 55c9317..61748f0 100644
--- a/internal/handlers/sessions.go
+++ b/internal/handlers/sessions.go
@@ -102,7 +102,7 @@ func NewSession(tx *Tx, r *http.Request, userid int64) (*NewSessionWriter, error
 		Path:     "/",
 		Domain:   r.URL.Host,
 		Expires:  time.Now().AddDate(0, 1, 0), // a month from now
-		Secure:   true,
+		Secure:   false,
 		HttpOnly: true,
 	}