xref: /openbmc/bmcweb/include/cookies.hpp (revision 40e9b92ec19acffb46f83a6e55b18974da5d708e)
1 // SPDX-License-Identifier: Apache-2.0
2 // SPDX-FileCopyrightText: Copyright OpenBMC Authors
3 #pragma once
4 
5 #include "http_response.hpp"
6 #include "sessions.hpp"
7 
8 namespace bmcweb
9 {
10 
11 inline void setSessionCookies(crow::Response& res,
12                               const persistent_data::UserSession& session)
13 {
14     res.addHeader(boost::beast::http::field::set_cookie,
15                   "XSRF-TOKEN=" + session.csrfToken +
16                       "; Path=/; SameSite=Strict; Secure");
17     res.addHeader(boost::beast::http::field::set_cookie,
18                   "SESSION=" + session.sessionToken +
19                       "; Path=/; SameSite=Strict; Secure; HttpOnly");
20 }
21 
22 inline void clearSessionCookies(crow::Response& res)
23 {
24     res.addHeader(boost::beast::http::field::set_cookie,
25                   "SESSION="
26                   "; Path=/; SameSite=Strict; Secure; HttpOnly; "
27                   "expires=Thu, 01 Jan 1970 00:00:00 GMT");
28     res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")");
29 }
30 
31 } // namespace bmcweb
32