package session

import (
	"crypto/rand"
	"log"

	"github.com/gorilla/sessions"
)

var Store *sessions.CookieStore

func init() {
	// Generate a secure 32-byte key for session authentication
	authKey := make([]byte, 32)
	_, err := rand.Read(authKey)
	if err != nil {
		// Fallback to a static key if random generation fails
		authKey = []byte("your-32-byte-long-auth-key-here!!")
		log.Println("Warning: Using static session key. Generate a secure key for production!")
	}

	Store = sessions.NewCookieStore(authKey)

	// Configure session options
	Store.Options = &sessions.Options{
		Path:     "/",
		MaxAge:   86400 * 7, // 7 days
		HttpOnly: true,
		Secure:   false, // Set to true if using HTTPS
	}
}