csrf: able to set custom cookie name

Add new config option '[session] CSRF_COOKIE_NAME'.

conf/app.ini

@@ -250,6 +250,8 @@ ENABLE_SET_COOKIE = true
 GC_INTERVAL_TIME = 86400
 ; Session life time, default is 86400
 SESSION_LIFE_TIME = 86400
+; Cookie name for CSRF
+CSRF_COOKIE_NAME = _csrf
 
 [picture]
 ; Path to store user uploaded avatars

gogs.go

@@ -16,7 +16,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.9.165.0222 / 0.10 RC"
+const APP_VER = "0.9.166.0222 / 0.10 RC"
 
 func init() {
 	setting.AppVer = APP_VER

modules/setting/setting.go

@@ -187,7 +187,7 @@ var (
 
 	// Session settings
 	SessionConfig  session.Options
-	CSRFCookieName = "_csrf"
+	CSRFCookieName string
 
 	// Cron tasks
 	Cron struct {
@@ -744,6 +744,7 @@ func newSessionService() {
 	SessionConfig.Secure = Cfg.Section("session").Key("COOKIE_SECURE").MustBool()
 	SessionConfig.Gclifetime = Cfg.Section("session").Key("GC_INTERVAL_TIME").MustInt64(86400)
 	SessionConfig.Maxlifetime = Cfg.Section("session").Key("SESSION_LIFE_TIME").MustInt64(86400)
+	CSRFCookieName = Cfg.Section("session").Key("CSRF_COOKIE_NAME").MustString("_csrf")
 
 	log.Info("Session Service Enabled")
 }

templates/.VERSION

@@ -1 +1 @@
-0.9.165.0222 / 0.10 RC
+0.9.166.0222 / 0.10 RC