1 // SPDX-License-Identifier: Apache-2.0 2 // SPDX-FileCopyrightText: Copyright OpenBMC Authors 3 #pragma once 4 5 #include "http_response.hpp" 6 #include "sessions.hpp" 7 8 namespace bmcweb 9 { 10 11 inline void setSessionCookies(crow::Response& res, 12 const persistent_data::UserSession& session) 13 { 14 res.addHeader(boost::beast::http::field::set_cookie, 15 "XSRF-TOKEN=" + session.csrfToken + 16 "; Path=/; SameSite=Strict; Secure"); 17 res.addHeader(boost::beast::http::field::set_cookie, 18 "SESSION=" + session.sessionToken + 19 "; Path=/; SameSite=Strict; Secure; HttpOnly"); 20 } 21 22 inline void clearSessionCookies(crow::Response& res) 23 { 24 res.addHeader(boost::beast::http::field::set_cookie, 25 "SESSION=" 26 "; Path=/; SameSite=Strict; Secure; HttpOnly; " 27 "expires=Thu, 01 Jan 1970 00:00:00 GMT"); 28 res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")"); 29 } 30 31 } // namespace bmcweb 32