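// SPDX-License-Identifier: Apache-2.0
// SPDX-FileCopyrightText: Copyright OpenBMC Authors
#pragma once

#include "http_response.hpp"
#include "sessions.hpp"

#include <boost/beast/http/field.hpp>

namespace bmcweb
{

// Adds the two Set-Cookie headers that bind a browser to `session`.
//
//   res      response that receives the headers (existing headers are kept)
//   session  supplies csrfToken and sessionToken, which are written into the
//            cookie values verbatim
//
// Both cookies are scoped to Path=/, marked Secure and SameSite=Strict, and
// carry no Expires/Max-Age attribute. Only SESSION is HttpOnly.
//
// NOTE(review): the token strings are concatenated without escaping; this
// assumes they are server-generated and contain no ';', CR or LF. Confirm
// against the token generator in sessions.hpp.
inline void setSessionCookies(crow::Response& res,
                              const persistent_data::UserSession& session)
{
    // XSRF-TOKEN deliberately omits HttpOnly, presumably so client-side
    // script can read it and echo it back on state-changing requests.
    // TODO confirm against the CSRF check on the request path.
    res.addHeader(boost::beast::http::field::set_cookie,
                  "XSRF-TOKEN=" + session.csrfToken +
                      "; Path=/; SameSite=Strict; Secure");

    // SESSION is the authenticating cookie; HttpOnly keeps it out of reach of
    // page script.
    res.addHeader(boost::beast::http::field::set_cookie,
                  "SESSION=" + session.sessionToken +
                      "; Path=/; SameSite=Strict; Secure; HttpOnly");
}

// Adds the headers that ask the client to discard everything issued by
// setSessionCookies().
//
//   res  response that receives the headers
//
// Each cookie is overwritten with an empty value and an expiry in 1970. The
// Path and the other attributes mirror the ones used when the cookie was set,
// so the deletion addresses the same cookie. Clear-Site-Data is sent as well,
// but not every client honours that header, so both cookies are also expired
// explicitly rather than relying on it for XSRF-TOKEN.
//
// This only affects client-side state; invalidating the session on the server
// is the caller's job and is not done here.
inline void clearSessionCookies(crow::Response& res)
{
    res.addHeader(boost::beast::http::field::set_cookie,
                  "SESSION="
                  "; Path=/; SameSite=Strict; Secure; HttpOnly; "
                  "expires=Thu, 01 Jan 1970 00:00:00 GMT");

    // Counterpart of the XSRF-TOKEN cookie set at login, so a stale CSRF
    // token does not linger in clients that ignore Clear-Site-Data.
    res.addHeader(boost::beast::http::field::set_cookie,
                  "XSRF-TOKEN="
                  "; Path=/; SameSite=Strict; Secure; "
                  "expires=Thu, 01 Jan 1970 00:00:00 GMT");

    res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")");
}

} // namespace bmcweb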