140e9b92eSEd Tanous // SPDX-License-Identifier: Apache-2.0 240e9b92eSEd Tanous // SPDX-FileCopyrightText: Copyright OpenBMC Authors 329aab242SPaul Fertser #pragma once 429aab242SPaul Fertser 529aab242SPaul Fertser #include "http_response.hpp" 629aab242SPaul Fertser #include "sessions.hpp" 729aab242SPaul Fertser 8d7857201SEd Tanous #include <boost/beast/http/field.hpp> 9d7857201SEd Tanous 1029aab242SPaul Fertser namespace bmcweb 1129aab242SPaul Fertser { 1229aab242SPaul Fertser setSessionCookies(crow::Response & res,const persistent_data::UserSession & session)1329aab242SPaul Fertserinline void setSessionCookies(crow::Response& res, 1429aab242SPaul Fertser const persistent_data::UserSession& session) 1529aab242SPaul Fertser { 1629aab242SPaul Fertser res.addHeader(boost::beast::http::field::set_cookie, 1729aab242SPaul Fertser "XSRF-TOKEN=" + session.csrfToken + 1829aab242SPaul Fertser "; Path=/; SameSite=Strict; Secure"); 1929aab242SPaul Fertser res.addHeader(boost::beast::http::field::set_cookie, 20*c76f964aSGunnar Mills "BMCWEB-SESSION=" + session.sessionToken + 2129aab242SPaul Fertser "; Path=/; SameSite=Strict; Secure; HttpOnly"); 2229aab242SPaul Fertser } 2329aab242SPaul Fertser clearSessionCookies(crow::Response & res)2429aab242SPaul Fertserinline void clearSessionCookies(crow::Response& res) 2529aab242SPaul Fertser { 2629aab242SPaul Fertser res.addHeader(boost::beast::http::field::set_cookie, 27*c76f964aSGunnar Mills "BMCWEB-SESSION=" 2829aab242SPaul Fertser "; Path=/; SameSite=Strict; Secure; HttpOnly; " 2929aab242SPaul Fertser "expires=Thu, 01 Jan 1970 00:00:00 GMT"); 3029aab242SPaul Fertser } 3129aab242SPaul Fertser 3229aab242SPaul Fertser } // namespace bmcweb 33