Class: HTTPCookie
Object
|
+--HTTPCookie
- Package: stx:goodies/webServer
- Category: Net-Communication-HTTP-Server
- Version: rev: 1.20 date: 2023/09/28 10:08:50
- user: stefan
- file: HTTPCookie.st directory: goodies/webServer
- module: stx stc-classLibrary: webServer
copyright
COPYRIGHT (c) 2003 by eXept Software AG
All Rights Reserved
This software is furnished under a license and may be used
only in accordance with the terms of that license and with the
inclusion of the above copyright notice. This software may not
be provided or otherwise made available to, or used by, any
other person. No title to or ownership of the software is
hereby transferred.
constants
-
sameSiteLaxRestrictionLevel
-
Controls whether or not a cookie is sent with cross-origin requests,
providing some protection against cross-site request forgery attacks (CSRF).
The possible attribute values are:
- Strict
means that the browser sends the cookie only for same-site requests, that is,
requests originating from the same site that set the cookie.
If a request originates from a URL different from the current one,
no cookies with the SameSite=Strict attribute are sent.
- Lax
means that the cookie is not sent on cross-site requests,
such as on requests to load images or frames,
but is sent when a user is navigating to the origin site from an external site
(for example, when following a link).
This is the default behavior if the SameSite attribute is not specified.
- None
means that the browser sends the cookie with both cross-site and same-site requests.
The Secure attribute must also be set when setting this value, like so: SameSite=None; Secure
-
sameSiteNoneRestrictionLevel
-
Controls whether or not a cookie is sent with cross-origin requests,
providing some protection against cross-site request forgery attacks (CSRF).
The possible attribute values are:
- Strict
means that the browser sends the cookie only for same-site requests, that is,
requests originating from the same site that set the cookie.
If a request originates from a URL different from the current one,
no cookies with the SameSite=Strict attribute are sent.
- Lax
means that the cookie is not sent on cross-site requests,
such as on requests to load images or frames,
but is sent when a user is navigating to the origin site from an external site
(for example, when following a link).
This is the default behavior if the SameSite attribute is not specified.
- None
means that the browser sends the cookie with both cross-site and same-site requests.
The Secure attribute must also be set when setting this value, like so: SameSite=None; Secure
-
sameSiteStrictRestrictionLevel
-
Controls whether or not a cookie is sent with cross-origin requests,
providing some protection against cross-site request forgery attacks (CSRF).
The possible attribute values are:
- Strict
means that the browser sends the cookie only for same-site requests, that is,
requests originating from the same site that set the cookie.
If a request originates from a URL different from the current one,
no cookies with the SameSite=Strict attribute are sent.
- Lax
means that the cookie is not sent on cross-site requests,
such as on requests to load images or frames,
but is sent when a user is navigating to the origin site from an external site
(for example, when following a link).
This is the default behavior if the SameSite attribute is not specified.
- None
means that the browser sends the cookie with both cross-site and same-site requests.
The Secure attribute must also be set when setting this value, like so: SameSite=None; Secure
accessing
-
expiration
-
return the value of the instance variable 'expiration' (automatically generated)
-
expiration: something
-
set the value of the instance variable 'expiration' (automatically generated)
-
httpOnly
-
If true, the cookie cannot be read by JavaScript (e.g. via the Document.cookie property).
Note that the cookie will still be sent with JavaScript-initiated requests (XMLHttpRequest.send()).
-
httpOnly: something
-
If true, the cookie cannot be read by JavaScript (e.g. via the Document.cookie property).
Note that the cookie will still be sent with JavaScript-initiated requests (XMLHttpRequest.send()).
-
maxAge
-
-
maxAge: something
-
-
name
-
-
name: something
-
-
name: nameArg value: anArray path: pathArg expiration: expirationArg
-
value must be an Array, so that we can later decode it
-
path
-
if I am still raw, cook me
-
path: something
-
-
rawValue
-
-
rawValue: something
-
-
sameSiteRestrictionLevel
-
Controls whether or not a cookie is sent with cross-origin requests,
providing some protection against cross-site request forgery attacks (CSRF).
The possible attribute values are:
- Strict
means that the browser sends the cookie only for same-site requests, that is,
requests originating from the same site that set the cookie.
If a request originates from a URL different from the current one,
no cookies with the SameSite=Strict attribute are sent.
- Lax
means that the cookie is not sent on cross-site requests,
such as on requests to load images or frames,
but is sent when a user is navigating to the origin site from an external site
(for example, when following a link).
This is the default behavior if the SameSite attribute is not specified.
- None
means that the browser sends the cookie with both cross-site and same-site requests.
The Secure attribute must also be set when setting this value, like so: SameSite=None; Secure
-
sameSiteRestrictionLevel: something
-
Controls whether or not a cookie is sent with cross-origin requests,
providing some protection against cross-site request forgery attacks (CSRF).
The possible attribute values are:
- Strict
means that the browser sends the cookie only for same-site requests, that is,
requests originating from the same site that set the cookie.
If a request originates from a URL different from the current one,
no cookies with the SameSite=Strict attribute are sent.
- Lax
means that the cookie is not sent on cross-site requests,
such as on requests to load images or frames,
but is sent when a user is navigating to the origin site from an external site
(for example, when following a link).
This is the default behavior if the SameSite attribute is not specified.
- None
means that the browser sends the cookie with both cross-site and same-site requests.
The Secure attribute must also be set when setting this value, like so: SameSite=None; Secure
-
secure
-
-
secure: something
-
-
value
-
if I am still raw, cook me
-
value: something
-
encoding & decoding
-
extractValueAndPathFromRawValue
-
-
extractValueFrom: aBase64EncodedString
-
|c s|
c := HTTPCookie new.
c value:#('aaa' 1234 '97e44aa0-c51c-11dd-8dc8-0018f3c28c0d' '/foo/bar/baz').
s := c htmlString.
c extractValueFrom:(s copyFrom:(s indexOf:$=)+1 to:(s indexOf:$;)-1).
-
htmlString
-
If true, the cookie cannot be read by JavaScript (e.g. via the Document.cookie property).
Note that the cookie will still be sent with JavaScript-initiated requests (XMLHttpRequest.send()).
Usage example(s):
self new htmlString
(Timestamp
day:1 month:1 year:2010
hour:1 minutes:0 seconds:0)
printStringFormat:'%(DayName), %(day)-%(ShortMonthName)-%(year) %h:%m:%s GMT'
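The SameSite, Secure and HttpOnly rules documented for the accessors above, modeled in Python as an added example; it is not part of HTTPCookie or the webServer package. It goes beyond the text in two assumptions about browser behaviour: Lax cookies are sent cross-site only on top-level navigations with a safe HTTP method, and a SameSite=None cookie without Secure is treated as rejected. The names Cookie, parse_set_cookie, audit and is_sent and the sample headers are constructed for illustration.

```python
from dataclasses import dataclass

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
# Constructed sample Set-Cookie values (not output captured from HTTPCookie).
SAMPLES = [
    "sid=abc123; Path=/; SameSite=Strict; Secure; HttpOnly",
    "prefs=dark; Path=/",
    "track=xyz; SameSite=None",
]

@dataclass
class Cookie:
    name: str
    value: str
    same_site: str = "Lax"  # default when the attribute is absent, as stated above
    secure: bool = False
    http_only: bool = False

def parse_set_cookie(header: str) -> Cookie:
    """Extract only the attributes discussed above from a Set-Cookie value."""
    first, *attrs = [part.strip() for part in header.split(";")]
    cookie = Cookie(*first.partition("=")[::2])  # split at the first '=' only
    for attr in attrs:
        key, _, val = (s.strip() for s in attr.partition("="))
        if key.lower() == "samesite" and val.capitalize() in ("Strict", "Lax", "None"):
            cookie.same_site = val.capitalize()
        elif key.lower() == "secure":
            cookie.secure = True
        elif key.lower() == "httponly":
            cookie.http_only = True
    return cookie

def audit(cookie: Cookie) -> list:
    """Return the configuration findings a reviewer would flag."""
    findings = []
    if cookie.same_site == "None" and not cookie.secure:
        findings.append("SameSite=None without Secure")
    if not cookie.http_only:
        findings.append("no HttpOnly: readable via Document.cookie")
    return findings

def is_sent(cookie, same_site_request, top_level_navigation=False, method="GET"):
    """Model whether a browser attaches the cookie to an HTTPS request."""
    if cookie.same_site == "None":
        return cookie.secure  # assumption: without Secure it was never stored
    if same_site_request:
        return True
    # Cross-site: Strict is never sent; Lax only on a safe top-level navigation.
    return cookie.same_site == "Lax" and top_level_navigation and method.upper() in SAFE_METHODS
```

HttpOnly plays no part in is_sent: it only hides the cookie from script access, so it appears in audit alone.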
printing
-
printOn: aStream
-
(comment from inherited method)
append a user printed representation of the receiver to aStream.
The format is suitable for a human - not meant to be read back.
The default here is to output the receiver's class name.
BUT: this method is heavily redefined for objects which
can print prettier.