| Paul Fertser | 29aab24 | 2024-06-12 19:28:47 +0000 | [diff] [blame] | 1 | #pragma once |
| 2 | |
| 3 | #include "http_response.hpp" |
| 4 | #include "sessions.hpp" |
| 5 | |
| 6 | namespace bmcweb |
| 7 | { |
| 8 | |
| 9 | inline void setSessionCookies(crow::Response& res, |
| 10 | const persistent_data::UserSession& session) |
| 11 | { |
| 12 | res.addHeader(boost::beast::http::field::set_cookie, |
| 13 | "XSRF-TOKEN=" + session.csrfToken + |
| 14 | "; Path=/; SameSite=Strict; Secure"); |
| 15 | res.addHeader(boost::beast::http::field::set_cookie, |
| 16 | "SESSION=" + session.sessionToken + |
| 17 | "; Path=/; SameSite=Strict; Secure; HttpOnly"); |
| 18 | } |
| 19 | |
| 20 | inline void clearSessionCookies(crow::Response& res) |
| 21 | { |
| 22 | res.addHeader(boost::beast::http::field::set_cookie, |
| 23 | "SESSION=" |
| 24 | "; Path=/; SameSite=Strict; Secure; HttpOnly; " |
| 25 | "expires=Thu, 01 Jan 1970 00:00:00 GMT"); |
| 26 | res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")"); |
| 27 | } |
| 28 | |
| 29 | } // namespace bmcweb |