type

Cookie

src @Js
const class Cookie : Obj

Cookie models an HTTP cookie used to pass data between the server and user agent as defined by RFC 6265.

See WebReq.cookies and WebRes.cookies.

constructors

fromStr

Parse an HTTP cookie header name/value pair.

make

Construct with name and value.

fields

domain

Specifies the domain for which the cookie is valid.

httpOnly

If true, then the cookie is not available to JavaScript.

maxAge

Defines the lifetime of the cookie; after the max-age elapses, the client should discard the cookie.

name

Name of the cookie.

path

Specifies the subset of URLs to which the cookie applies.

sameSite

If this value is non-null, then we add the SameSite attribute to the cookie.

secure

If true, then the client only sends this cookie using a secure protocol such as HTTPS.

val

Value string of the cookie.

methods

toStr

Return the cookie formatted as a Set-Cookie HTTP header.

Slot Details

domain

src const Str? domain

Specifies the domain for which the cookie is valid. An explicit domain must always start with a dot. If null (the default) then the cookie only applies to the server which set it.

fromStr

src static new fromStr(Str s, Bool checked := true)

Parse an HTTP cookie header name/value pair. The parsing of the name-value pair is done according to the algorithm outlined in § 5.2 of the RFC.

Throw ParseErr or return null if not formatted correctly.

httpOnly

src const Bool httpOnly := true

If true, then the cookie is not available to JavaScript. Defaults to true.

make

src new make(Str name, Str val, |This|? f := null)

Construct with name and value. The name must be a valid HTTP token and must not start with "$" (see WebUtil.isToken). The value string must be an ASCII string within the inclusive range of 0x20 and 0x7e (see WebUtil.toQuotedStr) with the exception of the semicolon.

Fantom cookies use quoted string values. However, some browsers such as IE won't parse a quoted string with semicolons correctly, so we make semicolons illegal. If you have a value which might include non-ASCII characters or semicolons, then consider encoding it using something like Base64:

// write response
res.cookies.add(Cookie("baz", val.toBuf.toBase64))

// read from request
val := Buf.fromBase64(req.cookies.get("baz", "")).readAllStr

maxAge

src const Duration? maxAge

Defines the lifetime of the cookie; after the max-age elapses, the client should discard the cookie. The duration is floored to seconds (fractional seconds are truncated). If maxAge is null (the default), then the cookie persists until the client is shut down. If zero is specified, the cookie is discarded immediately. Note that many browsers still don't recognize max-age, so setting max-age also always includes an expires attribute.

name

src const Str name

Name of the cookie.

path

src const Str? path := "/"

Specifies the subset of URLs to which the cookie applies. If set to "/" (the default), then the cookie applies to all paths. If the path is null, it is assumed to be the same path as the document being described by the header which contains the cookie.

sameSite

src const Str? sameSite := "strict"

If this value is non-null, then we add the SameSite attribute to the cookie. Valid values are:

  • lax
  • strict

By default we set the attribute to strict.

secure

src const Bool secure := false

If true, then the client only sends this cookie using a secure protocol such as HTTPS. Defaults to false.
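Because secure defaults to false while httpOnly and sameSite already default to the restrictive setting, a session cookie needs secure set explicitly. The following is an added example, not code from the Fantom documentation; SessionCookies, cookieName, issue, expire and the token parameter are hypothetical names, and the token is assumed to be an opaque ASCII identifier generated elsewhere.

```fantom
using web

** Added example: helpers for issuing and expiring a session cookie.
** All names in this class are hypothetical.
class SessionCookies
{
  static const Str cookieName := "sid"

  ** Build the session cookie. The token is assumed to be an opaque
  ** ASCII string (no semicolons), so it passes the checks in make.
  static Cookie issue(Str token)
  {
    return Cookie(cookieName, token)
    {
      it.secure = true    // default is false: restrict to HTTPS
      it.maxAge = 30min   // null would persist until client shutdown
      it.path   = "/"     // the default, stated for clarity
      // httpOnly (true) and sameSite ("strict") keep their defaults
    }
  }

  ** Build a replacement cookie that the client discards immediately,
  ** for use on logout. The value "expired" is a constructed placeholder.
  static Cookie expire()
  {
    return Cookie(cookieName, "expired")
    {
      it.secure = true
      it.maxAge = 0sec    // zero: discarded immediately
    }
  }
}

// Usage inside a request handler, following the page's own pattern:
//   res.cookies.add(SessionCookies.issue(token))   // on login
//   res.cookies.add(SessionCookies.expire)         // on logout
```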

toStr

src virtual override Str toStr()

Return the cookie formatted as a Set-Cookie HTTP header.

val

src const Str val

Value string of the cookie.