const class web::Cookie
sys::Obj web::Cookie
@Js
Cookie models an HTTP cookie used to pass data between the server and brower as defined by the original Netscape cookie specification and RFC 2109. Note the newer RFC 2965 is unsupported by most browsers, and even 2109 isn't really supported by some of the major browsers. See WebReq.cookies
and WebRes.cookies
.
- domain
-
const Str? domain
Specifies the domain for which the cookie is valid. An explicit domain must always start with a dot. If null (the default) then the cookie only applies to the server which set it.
- fromStr
-
const static Cookie fromStr(Str s)
Parse a HTTP cookie header name/value pair. Throw ParseErr if not formatted correctly.
- make
-
new make(Str name, Str val, |This|? f := null)
Construct with name and value. The name must be a valid HTTP token and must not start with "$" (see
WebUtil.isToken
). The value string must be an ASCII string within the inclusive range of 0x20 and 0x7e (seeWebUtil.toQuotedStr
) with the exception of the semicolon.Fantom cookies will use quoted string values, however some browsers such as IE won't parse a quoted string with semicolons correctly, so we make semicolons illegal. If you have a value which might include non-ASCII characters or semicolons, then consider encoding using something like Base64:
// write response res.cookies.add(Cookie("baz", val.toBuf.toBase64)) // read from request val := Buf.fromBase64(req.cookies.get("baz", "")).readAllStr
- maxAge
-
const Duration? maxAge
Defines the lifetime of the cookie, after the the max-age elapses the client should discard the cookie. The duration is floored to seconds (fractional seconds are truncated). If maxAge is null (the default) then the cookie persists until the client is shutdown. If zero is specified, the cookie is discarded immediately. Note that many browsers still don't recognize max-age, so setting max-age also always includes an expires attribute.
- name
-
const Str name
Name of the cookie.
- path
-
const Str? path := "/"
Specifies the subset of URLs to which the cookie applies. If set to "/" (the default), then the cookie applies to all paths. If the path is null, it as assumed to be the same path as the document being described by the header which contains the cookie.
- secure
-
const Bool secure := false
If true, then the client only sends this cookie using a secure protocol such as HTTPS. Defaults to false.
- toStr
-
virtual override Str toStr()
Return the cookie formatted as an HTTP header.
- val
-
const Str val
Value string of the cookie.