| Ed Tanous | 40e9b92 | 2024-09-10 13:50:16 -0700 | [diff] [blame] | 1 | // SPDX-License-Identifier: Apache-2.0 |
| 2 | // SPDX-FileCopyrightText: Copyright OpenBMC Authors |
| Paul Fertser | 29aab24 | 2024-06-12 19:28:47 +0000 | [diff] [blame] | 3 | #pragma once |
| 4 | |
| 5 | #include "http_response.hpp" |
| 6 | #include "sessions.hpp" |
| 7 | |
| 8 | namespace bmcweb |
| 9 | { |
| 10 | |
| 11 | inline void setSessionCookies(crow::Response& res, |
| 12 | const persistent_data::UserSession& session) |
| 13 | { |
| 14 | res.addHeader(boost::beast::http::field::set_cookie, |
| 15 | "XSRF-TOKEN=" + session.csrfToken + |
| 16 | "; Path=/; SameSite=Strict; Secure"); |
| 17 | res.addHeader(boost::beast::http::field::set_cookie, |
| 18 | "SESSION=" + session.sessionToken + |
| 19 | "; Path=/; SameSite=Strict; Secure; HttpOnly"); |
| 20 | } |
| 21 | |
| 22 | inline void clearSessionCookies(crow::Response& res) |
| 23 | { |
| 24 | res.addHeader(boost::beast::http::field::set_cookie, |
| 25 | "SESSION=" |
| 26 | "; Path=/; SameSite=Strict; Secure; HttpOnly; " |
| 27 | "expires=Thu, 01 Jan 1970 00:00:00 GMT"); |
| 28 | res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")"); |
| 29 | } |
| 30 | |
| 31 | } // namespace bmcweb |