| Ed Tanous | 40e9b92 | 2024-09-10 13:50:16 -0700 | [diff] [blame] | 1 | // SPDX-License-Identifier: Apache-2.0 |
| 2 | // SPDX-FileCopyrightText: Copyright OpenBMC Authors |
| Paul Fertser | 29aab24 | 2024-06-12 19:28:47 +0000 | [diff] [blame] | 3 | #pragma once |
| 4 | |
| 5 | #include "http_response.hpp" |
| 6 | #include "sessions.hpp" |
| 7 | |
| Ed Tanous | d785720 | 2025-01-28 15:32:26 -0800 | [diff] [blame] | 8 | #include <boost/beast/http/field.hpp> |
| 9 | |
| Paul Fertser | 29aab24 | 2024-06-12 19:28:47 +0000 | [diff] [blame] | 10 | namespace bmcweb |
| 11 | { |
| 12 | |
| 13 | inline void setSessionCookies(crow::Response& res, |
| 14 | const persistent_data::UserSession& session) |
| 15 | { |
| 16 | res.addHeader(boost::beast::http::field::set_cookie, |
| 17 | "XSRF-TOKEN=" + session.csrfToken + |
| 18 | "; Path=/; SameSite=Strict; Secure"); |
| 19 | res.addHeader(boost::beast::http::field::set_cookie, |
| Gunnar Mills | c76f964 | 2025-01-26 21:37:59 -0600 | [diff] [blame] | 20 | "BMCWEB-SESSION=" + session.sessionToken + |
| Paul Fertser | 29aab24 | 2024-06-12 19:28:47 +0000 | [diff] [blame] | 21 | "; Path=/; SameSite=Strict; Secure; HttpOnly"); |
| 22 | } |
| 23 | |
| 24 | inline void clearSessionCookies(crow::Response& res) |
| 25 | { |
| 26 | res.addHeader(boost::beast::http::field::set_cookie, |
| Gunnar Mills | c76f964 | 2025-01-26 21:37:59 -0600 | [diff] [blame] | 27 | "BMCWEB-SESSION=" |
| Paul Fertser | 29aab24 | 2024-06-12 19:28:47 +0000 | [diff] [blame] | 28 | "; Path=/; SameSite=Strict; Secure; HttpOnly; " |
| 29 | "expires=Thu, 01 Jan 1970 00:00:00 GMT"); |
| 30 | res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")"); |
| 31 | } |
| 32 | |
| 33 | } // namespace bmcweb |