Wt  4.14.0
Loading...
Searching...
No Matches
Public Member Functions | List of all members
Wt::Http::HostCookie Class Reference

An HTTP Cookie with the "__Host-" prefix. More...

#include <Wt/Http/HostCookie.h>

Inheritance diagram for Wt::Http::HostCookie:
[legend]

Public Member Functions

 HostCookie (const std::string &name)
 Constructor for a host cookie without value.
 
 HostCookie (const std::string &name, const std::string &value, const Wt::WDateTime &expires)
 Constructor for a host cookie that expires at a certain datetime.
 
 HostCookie (const std::string &name, const std::string &value, const std::chrono::seconds &maxAge)
 Constructor for a host cookie that expires after certain duration.
 
std::string logicName () const
 Returns name of the cookie without the prefix.
 
void setSecure (bool secure) override
 Logs a warning.
 
void setPath (const std::string &path) override
 Logs a warning.
 
void setDomain (const std::string &domain) override
 Logs a warning.
 
- Public Member Functions inherited from Wt::Http::Cookie
 Cookie (const std::string &name)
 Constructor for cookie without value.
 
 Cookie (const std::string &name, const std::string &value, const Wt::WDateTime &expires)
 Constructor for a cookie that expires at a certain datetime.
 
 Cookie (const std::string &name, const std::string &value, const std::chrono::seconds &maxAge)
 Constructor for a cookie that expires after certain duration.
 
const std::string & name () const
 The cookie name.
 
void setValue (const std::string &value)
 Sets the cookie value.
 
const std::string & value () const
 The cookie value.
 
void setExpires (const Wt::WDateTime &expires)
 Sets when the cookie will expire.
 
const Wt::WDateTimeexpires () const
 The cookie expiration.
 
void setMaxAge (const std::chrono::seconds &maxAge)
 Sets the cookie's Max-Age.
 
const std::chrono::seconds & maxAge () const
 The cookie's Max-Age.
 
const std::string & domain () const
 The cookie domain.
 
const std::string & path () const
 The cookie path.
 
bool secure () const
 Returns if the cookie must be sent over secure connection.
 
void setHttpOnly (bool httpOnly)
 Sets if the cookie is only accessible through HTTP.
 
bool httpOnly () const
 Returns if the cookie is only accessible through HTTP.
 
void setSameSite (SameSite sameSite)
 Sets the cookie SameSite attribute.
 
SameSite sameSite () const
 The cookie SameSite attribute.
 

Additional Inherited Members

- Public Types inherited from Wt::Http::Cookie
enum class  SameSite { None , Lax , Strict }
 Enumeration of SameSite attribute values. More...
 

Detailed Description

An HTTP Cookie with the "__Host-" prefix.

This is a helper class used to create a cookie with the "__Host-" prefix.

A Cookie with the "__Host-" prefix can only be set over a HTTPS connection, and can only be overwritten by the domain that set it. It also enforces the Domain attribute of the cookie to be empty, the secure flag be set, and the Path attribute to be set to "/".

This protects the cookie from being altered by a compromised subdomain, stopping a potential attack vector.

See also
WEnvironment::getHostCookie(), WApplication::setCookie(const Http::Cookie&), WApplication::removeCookie(const Http::Cookie&), WEnvironment::supportsCookies(), SecureCookie

Constructor & Destructor Documentation

◆ HostCookie() [1/3]

Wt::Http::HostCookie::HostCookie ( const std::string &  name)
explicit

Constructor for a host cookie without value.

Allows you to only specify the name of the cookie. This can be useful if the intention is to pass it to WApplication::removeCookie(), in which case no value is needed.

See also
WApplication::removeCookie(const Http::Cookie&)
Note
The prefix is added automatically to the name.

◆ HostCookie() [2/3]

Wt::Http::HostCookie::HostCookie ( const std::string &  name,
const std::string &  value,
const Wt::WDateTime expires 
)

Constructor for a host cookie that expires at a certain datetime.

The name must be a valid cookie name (of type 'token': no special characters or separators, see RFC2616 page 16). The value may be anything.

See also
WApplication::setCookie(const Http::Cookie&)
Note
The prefix is added automatically to the name.

◆ HostCookie() [3/3]

Wt::Http::HostCookie::HostCookie ( const std::string &  name,
const std::string &  value,
const std::chrono::seconds &  maxAge 
)

Constructor for a host cookie that expires after certain duration.

The name must be a valid cookie name (of type 'token': no special characters or separators, see RFC2616 page 16). The value may be anything.

See also
WApplication::setCookie(const Http::Cookie&)
Note
The prefix is added automatically to the name.

Member Function Documentation

◆ setDomain()

void Wt::Http::HostCookie::setDomain ( const std::string &  domain)
overridevirtual

Logs a warning.

This function logs a warning instead of changing the domain, since the domain of a cookie with the "__Host-" prefix must always be empty.

Reimplemented from Wt::Http::Cookie.

◆ setPath()

void Wt::Http::HostCookie::setPath ( const std::string &  path)
overridevirtual

Logs a warning.

This function logs a warning instead of changing the path, since the path of a cookie with the "__Host-" prefix must always be set to "/".

Reimplemented from Wt::Http::Cookie.

◆ setSecure()

void Wt::Http::HostCookie::setSecure ( bool  secure)
overridevirtual

Logs a warning.

This function logs a warning instead of enabling/disabling the secure flag, since the secure flag must always be set on a cookie with the "__Host-" prefix.

Reimplemented from Wt::Http::Cookie.