score:0

browser can't save cookie because httponly options is true. if you want to save cookies to client browser, set your httponly option false. but this is not safe to defend xss attack.

cookie := &http.cookie{
    name:     "jwt",
    value:    token,
    expires:  time.now().add(time.minute * 60),
    httponly: false,
}

restrict access to cookies

score:0

to include de cookie generated by go in the request to your server the required code is:

cookie := &http.cookie{
    name:     "jwt",
    value:    token,
    expires:  time.now().add(time.minute * 60),
    httponly: true,
    secure: true,
    samesite: http.samesitenonemode, // if you pretend to enable cross-site
}

note: httponly, secure and samesite is required.


Related Query

More Query from same tag