| // SPDX-License-Identifier: Apache-2.0 |
| // SPDX-FileCopyrightText: Copyright OpenBMC Authors |
| #pragma once |
| |
| #include "http_response.hpp" |
| #include "sessions.hpp" |
| |
| #include <boost/beast/http/field.hpp> |
| |
| namespace bmcweb |
| { |
| |
| inline void setSessionCookies(crow::Response& res, |
| const persistent_data::UserSession& session) |
| { |
| res.addHeader(boost::beast::http::field::set_cookie, |
| "XSRF-TOKEN=" + session.csrfToken + |
| "; Path=/; SameSite=Strict; Secure"); |
| res.addHeader(boost::beast::http::field::set_cookie, |
| "SESSION=" + session.sessionToken + |
| "; Path=/; SameSite=Strict; Secure; HttpOnly"); |
| } |
| |
| inline void clearSessionCookies(crow::Response& res) |
| { |
| res.addHeader(boost::beast::http::field::set_cookie, |
| "SESSION=" |
| "; Path=/; SameSite=Strict; Secure; HttpOnly; " |
| "expires=Thu, 01 Jan 1970 00:00:00 GMT"); |
| res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")"); |
| } |
| |
| } // namespace bmcweb |