cow_cookie(3)

Name

cow_cookie - Cookies

Description

The module cow_cookie provides functions for parsing and manipulating cookie headers.

Exports

Types

cookie_attrs() :: #{
    expires => calendar:datetime(),
    max_age => calendar:datetime(),
    domain => binary(),
    path => binary(),
    secure => true,
    http_only => true,
    same_site => default | none | strict | lax
}

Cookie attributes parsed from the set-cookie header. The attributes must be passed as-is to a cookie store engine for processing, along with the cookie name and value. More information about the attributes can be found in RFC 6265.

cookie_opts() :: #{
    domain    => binary(),
    http_only => boolean(),
    max_age   => non_neg_integer(),
    path      => binary(),
    same_site => default | none | strict | lax,
    secure    => boolean()
}

Options for the set-cookie header. They are added to the header as attributes. More information about the options can be found in RFC 6265.

The following options are defined:

domain

Hosts to which the cookie will be sent. By default it will only be sent to the origin server.

http_only

Whether the cookie should be restricted to HTTP requests, or it should also be exposed to other APIs, for example Javascript. By default there are no restrictions.

max_age

Maximum lifetime of the cookie, in seconds. By default the cookie is kept for the duration of the session.

path

Path to which the cookie will be sent. By default it will be sent to the current "directory" of the effective request URI.

same_site

Whether the cookie should be sent along with cross-site requests. This attribute is currently non-standard but is in the process of being standardized. Please refer to the RFC 6265 (bis) draft for details.

The default value for this attribute may vary depending on user agent and configuration. Browsers are known to be more strict over TCP compared to TLS.

secure

Whether the cookie should be sent only on secure channels (for example TLS). Note that this does not guarantee the integrity of the cookie, only its confidentiality during transfer. By default there are no restrictions.

Changelog

  • 2.12: The same_site attribute and option may now be set to default.
  • 2.10: The same_site attribute and option may now be set to none.
  • 2.9: The cookie_attrs type was added.
  • 1.0: Module introduced.

See also

cowlib(7), RFC 6265

Cowlib 2.13 Function Reference

Navigation

Version select

Like my work? Donate!

Donate to Loïc Hoguin because his work on Cowboy, Ranch, Gun and Erlang.mk is fantastic:

Recurring payment options are also available via GitHub Sponsors. These funds are used to cover the recurring expenses like food, dedicated servers or domain names.