xref: /openbmc/bmcweb/include/cookies.hpp (revision f80a87f2)
1 #pragma once
2 
3 #include "http_response.hpp"
4 #include "sessions.hpp"
5 
6 namespace bmcweb
7 {
8 
9 inline void setSessionCookies(crow::Response& res,
10                               const persistent_data::UserSession& session)
11 {
12     res.addHeader(boost::beast::http::field::set_cookie,
13                   "XSRF-TOKEN=" + session.csrfToken +
14                       "; Path=/; SameSite=Strict; Secure");
15     res.addHeader(boost::beast::http::field::set_cookie,
16                   "SESSION=" + session.sessionToken +
17                       "; Path=/; SameSite=Strict; Secure; HttpOnly");
18 }
19 
20 inline void clearSessionCookies(crow::Response& res)
21 {
22     res.addHeader(boost::beast::http::field::set_cookie,
23                   "SESSION="
24                   "; Path=/; SameSite=Strict; Secure; HttpOnly; "
25                   "expires=Thu, 01 Jan 1970 00:00:00 GMT");
26     res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")");
27 }
28 
29 } // namespace bmcweb
30