1 #pragma once 2 3 #include "http_response.hpp" 4 #include "sessions.hpp" 5 6 namespace bmcweb 7 { 8 9 inline void setSessionCookies(crow::Response& res, 10 const persistent_data::UserSession& session) 11 { 12 res.addHeader(boost::beast::http::field::set_cookie, 13 "XSRF-TOKEN=" + session.csrfToken + 14 "; Path=/; SameSite=Strict; Secure"); 15 res.addHeader(boost::beast::http::field::set_cookie, 16 "SESSION=" + session.sessionToken + 17 "; Path=/; SameSite=Strict; Secure; HttpOnly"); 18 } 19 20 inline void clearSessionCookies(crow::Response& res) 21 { 22 res.addHeader(boost::beast::http::field::set_cookie, 23 "SESSION=" 24 "; Path=/; SameSite=Strict; Secure; HttpOnly; " 25 "expires=Thu, 01 Jan 1970 00:00:00 GMT"); 26 res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")"); 27 } 28 29 } // namespace bmcweb 30