Implement feature request: http://support.iris-go.com/d/29-mark-cookie-for-session-as-secure

Example:

app := iris.New()
app.Adapt(httprouter.New())
// IMPORTANT
cookieName := "mycustomsessionid"
// AES only supports key sizes of 16, 24 or 32 bytes.
// You either need to provide exactly that amount or you derive the key
from what you type in.
hashKey := []byte("the-big-and-secret-fash-key-here")
blockKey := []byte("lot-secret-of-characters-big-too")
secureCookie := securecookie.New(hashKey, blockKey)

app.Adapt(sessions.New(sessions.Config{
Cookie: cookieName,
Encode: secureCookie.Encode,
Decode: secureCookie.Decode,
}))

Former-commit-id: 6fe5ce6cb834d55862242e08405fad4e721caa5b

policy_sessions_test.go

@@ -3,6 +3,7 @@ package iris_test
 import (
 	"testing"
 
+	"github.com/gorilla/securecookie" // optional, to set sessions'' Encode and Decode
 	"gopkg.in/kataras/iris.v6"
 	"gopkg.in/kataras/iris.v6/adaptors/httprouter"
 	"gopkg.in/kataras/iris.v6/adaptors/sessions"
@@ -167,3 +168,88 @@ func TestFlashMessages(t *testing.T) {
 	//	e.GET("/get/").Expect().Status(http.StatusOK).JSON().Object().Equal(values)
 	e.GET("/get_single").Expect().Status(iris.StatusOK).Body().Equal(valueSingleValue)
 }
+
+func TestSessionsEncodeDecode(t *testing.T) {
+	// test the sessions encode decode via gorilla.securecookie
+	values := map[string]interface{}{
+		"Name":   "iris",
+		"Months": "4",
+		"Secret": "dsads£2132215£%%Ssdsa",
+	}
+	app := iris.New()
+	app.Adapt(httprouter.New())
+	// IMPORTANT
+	cookieName := "mycustomsessionid"
+	// AES only supports key sizes of 16, 24 or 32 bytes.
+	// You either need to provide exactly that amount or you derive the key from what you type in.
+	hashKey := []byte("the-big-and-secret-fash-key-here")
+	blockKey := []byte("lot-secret-of-characters-big-too")
+	secureCookie := securecookie.New(hashKey, blockKey)
+
+	app.Adapt(sessions.New(sessions.Config{
+		Cookie: cookieName,
+		Encode: secureCookie.Encode,
+		Decode: secureCookie.Decode,
+	}))
+	//
+
+	writeValues := func(ctx *iris.Context) {
+		sessValues := ctx.Session().GetAll()
+		ctx.JSON(iris.StatusOK, sessValues)
+	}
+
+	if testEnableSubdomain {
+		app.Party(testSubdomain+".").Get("/get", func(ctx *iris.Context) {
+			writeValues(ctx)
+		})
+	}
+
+	app.Post("set", func(ctx *iris.Context) {
+		vals := make(map[string]interface{}, 0)
+		if err := ctx.ReadJSON(&vals); err != nil {
+			t.Fatalf("Cannot readjson. Trace %s", err.Error())
+		}
+		for k, v := range vals {
+			ctx.Session().Set(k, v)
+		}
+	})
+
+	app.Get("/get", func(ctx *iris.Context) {
+		writeValues(ctx)
+	})
+
+	app.Get("/clear", func(ctx *iris.Context) {
+		ctx.Session().Clear()
+		writeValues(ctx)
+	})
+
+	app.Get("/destroy", func(ctx *iris.Context) {
+		ctx.SessionDestroy()
+		writeValues(ctx)
+		// the cookie and all values should be empty
+	})
+
+	// request cookie should be empty
+	app.Get("/after_destroy", func(ctx *iris.Context) {
+	})
+	app.Config.VHost = "mydomain.com"
+	e := httptest.New(app, t)
+
+	e.POST("/set").WithJSON(values).Expect().Status(iris.StatusOK).Cookies().NotEmpty()
+	e.GET("/get").Expect().Status(iris.StatusOK).JSON().Object().Equal(values)
+	if testEnableSubdomain {
+		es := subdomainTester(e, app)
+		es.Request("GET", "/get").Expect().Status(iris.StatusOK).JSON().Object().Equal(values)
+	}
+
+	// test destroy which also clears first
+	d := e.GET("/destroy").Expect().Status(iris.StatusOK)
+	d.JSON().Object().Empty()
+	// 	This removed: d.Cookies().Empty(). Reason:
+	// httpexpect counts the cookies setted or deleted at the response time, but cookie is not removed, to be really removed needs to SetExpire(now-1second) so,
+	// test if the cookies removed on the next request, like the browser's behavior.
+	e.GET("/after_destroy").Expect().Status(iris.StatusOK).Cookies().Empty()
+	// set and clear again
+	e.POST("/set").WithJSON(values).Expect().Status(iris.StatusOK).Cookies().NotEmpty()
+	e.GET("/clear").Expect().Status(iris.StatusOK).JSON().Object().Empty()
+}