n4u
/
cowlib


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112
							= cow_cookie(3)

== Name

cow_cookie - Cookies

== Description

The module `cow_cookie` provides functions for parsing
and manipulating cookie headers.

== Exports

* link:man:cow_cookie:parse_cookie(3)[cow_cookie:parse_cookie(3)] - Parse a cookie header
* link:man:cow_cookie:parse_set_cookie(3)[cow_cookie:parse_set_cookie(3)] - Parse a set-cookie header
* link:man:cow_cookie:cookie(3)[cow_cookie:cookie(3)] - Generate a cookie header
* link:man:cow_cookie:setcookie(3)[cow_cookie:setcookie(3)] - Generate a set-cookie header

== Types

=== cookie_attrs()

[source,erlang]
----
cookie_attrs() :: #{
    expires => calendar:datetime(),
    max_age => calendar:datetime(),
    domain => binary(),
    path => binary(),
    secure => true,
    http_only => true,
    same_site => strict | lax | none
}
----

Cookie attributes parsed from the set-cookie header.
The attributes must be passed as-is to a cookie store
engine for processing, along with the cookie name and value.
More information about the attributes can be found in
https://tools.ietf.org/html/rfc6265[RFC 6265].

=== cookie_opts()

[source,erlang]
----
cookie_opts() :: #{
    domain    => binary(),
    http_only => boolean(),
    max_age   => non_neg_integer(),
    path      => binary(),
    same_site => strict | lax | none,
    secure    => boolean()
}
----

Options for the set-cookie header. They are added to the
header as attributes. More information about the options
can be found in https://tools.ietf.org/html/rfc6265[RFC 6265].

The following options are defined:

domain::

Hosts to which the cookie will be sent. By default it will
only be sent to the origin server.

http_only::

Whether the cookie should be restricted to HTTP requests, or
it should also be exposed to other APIs, for example Javascript.
By default there are no restrictions.

max_age::

Maximum lifetime of the cookie, in seconds. By default the
cookie is kept for the duration of the session.

path::

Path to which the cookie will be sent. By default it will
be sent to the current "directory" of the effective request URI.

same_site::

Whether the cookie should be sent along with cross-site
requests. This attribute is currently non-standard but is in
the process of being standardized. Please refer to the
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7[RFC 6265 (bis) draft]
for details.
+
The default value for this attribute may vary depending on
user agent and configuration. Browsers are known to be more
strict over TCP compared to TLS.

secure::

Whether the cookie should be sent only on secure channels
(for example TLS). Note that this does not guarantee the
integrity of the cookie, only its confidentiality during
transfer. By default there are no restrictions.

== Changelog

* *2.10*: The `same_site` attribute and option may now be
          set to `none`.
* *2.9*: The `cookie_attrs` type was added.
* *1.0*: Module introduced.

== See also

link:man:cowlib(7)[cowlib(7)],
https://tools.ietf.org/html/rfc6265[RFC 6265]