Blame - include/cookies.hpp - openbmc/bmcweb

blob: ef76cd634e9b8247c586f1ecd52e9b5bf4476990 [file] [log] [blame]

Ed Tanous	40e9b92	2024-09-10 13:50:16 -0700	[diff] [blame]	1	// SPDX-License-Identifier: Apache-2.0
				2	// SPDX-FileCopyrightText: Copyright OpenBMC Authors
Paul Fertser	29aab24	2024-06-12 19:28:47 +0000	[diff] [blame]	3	#pragma once
				4
				5	#include "http_response.hpp"
				6	#include "sessions.hpp"
				7
Ed Tanous	d785720	2025-01-28 15:32:26 -0800	[diff] [blame]	8	#include <boost/beast/http/field.hpp>
				9
Paul Fertser	29aab24	2024-06-12 19:28:47 +0000	[diff] [blame]	10	namespace bmcweb
				11	{
				12
				13	inline void setSessionCookies(crow::Response& res,
				14	const persistent_data::UserSession& session)
				15	{
				16	res.addHeader(boost::beast::http::field::set_cookie,
				17	"XSRF-TOKEN=" + session.csrfToken +
				18	"; Path=/; SameSite=Strict; Secure");
				19	res.addHeader(boost::beast::http::field::set_cookie,
				20	"SESSION=" + session.sessionToken +
				21	"; Path=/; SameSite=Strict; Secure; HttpOnly");
				22	}
				23
				24	inline void clearSessionCookies(crow::Response& res)
				25	{
				26	res.addHeader(boost::beast::http::field::set_cookie,
				27	"SESSION="
				28	"; Path=/; SameSite=Strict; Secure; HttpOnly; "
				29	"expires=Thu, 01 Jan 1970 00:00:00 GMT");
				30	res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")");
				31	}
				32
				33	} // namespace bmcweb