summaryrefslogtreecommitdiffstats
path: root/docs/en/cowboy/2.0/guide/cookies
diff options
context:
space:
mode:
authorLoïc Hoguin <[email protected]>2016-03-28 15:36:42 +0200
committerLoïc Hoguin <[email protected]>2016-03-28 15:36:42 +0200
commitfe3492a98de29942477b061cd02c92246f4bf85a (patch)
tree2255b796a657e6e4dfb72beec1141258d17f1220 /docs/en/cowboy/2.0/guide/cookies
downloadninenines.eu-fe3492a98de29942477b061cd02c92246f4bf85a.tar.gz
ninenines.eu-fe3492a98de29942477b061cd02c92246f4bf85a.tar.bz2
ninenines.eu-fe3492a98de29942477b061cd02c92246f4bf85a.zip
Initial commit, new website system
Diffstat (limited to 'docs/en/cowboy/2.0/guide/cookies')
-rw-r--r--docs/en/cowboy/2.0/guide/cookies/index.html303
1 files changed, 303 insertions, 0 deletions
diff --git a/docs/en/cowboy/2.0/guide/cookies/index.html b/docs/en/cowboy/2.0/guide/cookies/index.html
new file mode 100644
index 00000000..4aea8eb0
--- /dev/null
+++ b/docs/en/cowboy/2.0/guide/cookies/index.html
@@ -0,0 +1,303 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <meta name="description" content="">
+ <meta name="author" content="Loïc Hoguin based on a design from (Soft10) Pol Cámara">
+
+ <meta name="generator" content="Hugo 0.15" />
+
+ <title>Nine Nines: Using cookies</title>
+
+ <link href='http://fonts.googleapis.com/css?family=Open+Sans:400,700,400italic' rel='stylesheet' type='text/css'>
+
+ <link href="/css/bootstrap.min.css" rel="stylesheet">
+ <link href="/css/99s.css" rel="stylesheet">
+
+ <link rel="shortcut icon" href="/img/ico/favicon.ico">
+ <link rel="apple-touch-icon-precomposed" sizes="114x114" href="/img/ico/apple-touch-icon-114.png">
+ <link rel="apple-touch-icon-precomposed" sizes="72x72" href="/img/ico/apple-touch-icon-72.png">
+ <link rel="apple-touch-icon-precomposed" href="/img/ico/apple-touch-icon-57.png">
+
+
+</head>
+
+
+<body class="">
+ <header id="page-head">
+ <div id="topbar" class="container">
+ <div class="row">
+ <div class="span2">
+ <h1 id="logo"><a href="/" title="99s">99s</a></h1>
+ </div>
+ <div class="span10">
+
+ <div id="side-header">
+ <nav>
+ <ul>
+ <li><a title="Hear my thoughts" href="/articles">Articles</a></li>
+ <li><a title="Watch my talks" href="/talks">Talks</a></li>
+ <li class="active"><a title="Read the docs" href="/docs">Documentation</a></li>
+ <li><a title="Request my services" href="/services">Consulting & Training</a></li>
+ </ul>
+ </nav>
+ <ul id="social">
+ <li>
+ <a href="https://github.com/ninenines" title="Check my Github repositories"><img src="/img/ico_github.png" data-hover="/img/ico_github_alt.png" alt="Github"></a>
+ </li>
+ <li>
+ <a title="Keep in touch!" href="http://twitter.com/lhoguin"><img src="/img/ico_microblog.png" data-hover="/img/ico_microblog_alt.png"></a>
+ </li>
+ <li>
+ <a title="Contact me" href="mailto:[email protected]"><img src="/img/ico_mail.png" data-hover="/img/ico_mail_alt.png"></a>
+ </li>
+ </ul>
+ </div>
+ </div>
+ </div>
+ </div>
+
+
+</header>
+
+<div id="contents" class="two_col">
+<div class="container">
+<div class="row">
+<div id="docs" class="span9 maincol">
+
+<h1 class="lined-header"><span>Using cookies</span></h1>
+
+<div class="paragraph"><p>Cookies are a mechanism allowing applications to maintain
+state on top of the stateless HTTP protocol.</p></div>
+<div class="paragraph"><p>Cowboy provides facilities for handling cookies. It is highly
+recommended to use them instead of writing your own, as the
+implementation of cookies can vary greatly between clients.</p></div>
+<div class="paragraph"><p>Cookies are stored client-side and sent with every subsequent
+request that matches the domain and path for which they were
+stored, including requests for static files. For this reason
+they can incur a cost which must be taken in consideration.</p></div>
+<div class="paragraph"><p>Also consider that, regardless of the options used, cookies
+are not to be trusted. They may be read and modified by any
+program on the user&#8217;s computer, but also by proxies. You
+should always validate cookie values before using them. Do
+not store any sensitive information in cookies either.</p></div>
+<div class="paragraph"><p>When explicitly setting the domain, the cookie will be sent
+for the domain and all subdomains from that domain. Otherwise
+the current domain will be used. The same is true for the
+path.</p></div>
+<div class="paragraph"><p>When the server sets cookies, they will only be available
+for requests that are sent after the client receives the
+response.</p></div>
+<div class="paragraph"><p>Cookies are sent in HTTP headers, therefore they must have
+text values. It is your responsibility to encode any other
+data type. Also note that cookie names are de facto case
+sensitive.</p></div>
+<div class="paragraph"><p>Cookies can be set for the client session (which generally
+means until the browser is closed), or it can be set for
+a number of seconds. Once it expires, or when the server
+says the cookie must exist for up to 0 seconds, the cookie
+is deleted by the client. To avoid this while the user
+is browsing your site, you should set the cookie for
+every request, essentially resetting the expiration time.</p></div>
+<div class="paragraph"><p>Cookies can be restricted to secure channels. This typically
+means that such a cookie will only be sent over HTTPS,
+and that it will only be available by client-side scripts
+that run from HTTPS webpages.</p></div>
+<div class="paragraph"><p>Finally, cookies can be restricted to HTTP and HTTPS requests,
+essentially disabling their access from client-side scripts.</p></div>
+<div class="sect1">
+<h2 id="_setting_cookies">Setting cookies</h2>
+<div class="sectionbody">
+<div class="paragraph"><p>By default, cookies you set are defined for the session.</p></div>
+<div class="listingblock">
+<div class="content"><!-- Generator: GNU source-highlight 3.1.8
+by Lorenzo Bettini
+http://www.lorenzobettini.it
+http://www.gnu.org/software/src-highlite -->
+<pre><tt><span style="color: #009900">SessionID</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">generate_session_id</span></span>(),
+<span style="color: #009900">Req2</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">cowboy_req:set_resp_cookie</span></span>(<span style="color: #990000">&lt;&lt;</span><span style="color: #FF0000">"sessionid"</span><span style="color: #990000">&gt;&gt;</span>, <span style="color: #009900">SessionID</span>, [], <span style="color: #009900">Req</span>)<span style="color: #990000">.</span></tt></pre></div></div>
+<div class="paragraph"><p>You can also make them expire at a specific point in the
+future.</p></div>
+<div class="listingblock">
+<div class="content"><!-- Generator: GNU source-highlight 3.1.8
+by Lorenzo Bettini
+http://www.lorenzobettini.it
+http://www.gnu.org/software/src-highlite -->
+<pre><tt><span style="color: #009900">SessionID</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">generate_session_id</span></span>(),
+<span style="color: #009900">Req2</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">cowboy_req:set_resp_cookie</span></span>(<span style="color: #990000">&lt;&lt;</span><span style="color: #FF0000">"sessionid"</span><span style="color: #990000">&gt;&gt;</span>, <span style="color: #009900">SessionID</span>, [
+ {<span style="color: #FF6600">max_age</span>, <span style="color: #993399">3600</span>}
+], <span style="color: #009900">Req</span>)<span style="color: #990000">.</span></tt></pre></div></div>
+<div class="paragraph"><p>You can delete cookies that have already been set. The value
+is ignored.</p></div>
+<div class="listingblock">
+<div class="content"><!-- Generator: GNU source-highlight 3.1.8
+by Lorenzo Bettini
+http://www.lorenzobettini.it
+http://www.gnu.org/software/src-highlite -->
+<pre><tt><span style="color: #009900">Req2</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">cowboy_req:set_resp_cookie</span></span>(<span style="color: #990000">&lt;&lt;</span><span style="color: #FF0000">"sessionid"</span><span style="color: #990000">&gt;&gt;</span>, <span style="color: #990000">&lt;&lt;&gt;&gt;</span>, [
+ {<span style="color: #FF6600">max_age</span>, <span style="color: #993399">0</span>}
+], <span style="color: #009900">Req</span>)<span style="color: #990000">.</span></tt></pre></div></div>
+<div class="paragraph"><p>You can restrict them to a specific domain and path.
+For example, the following cookie will be set for the domain
+<code>my.example.org</code> and all its subdomains, but only on the path
+<code>/account</code> and all its subdirectories.</p></div>
+<div class="listingblock">
+<div class="content"><!-- Generator: GNU source-highlight 3.1.8
+by Lorenzo Bettini
+http://www.lorenzobettini.it
+http://www.gnu.org/software/src-highlite -->
+<pre><tt><span style="color: #009900">Req2</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">cowboy_req:set_resp_cookie</span></span>(<span style="color: #990000">&lt;&lt;</span><span style="color: #FF0000">"inaccount"</span><span style="color: #990000">&gt;&gt;</span>, <span style="color: #990000">&lt;&lt;</span><span style="color: #FF0000">"1"</span><span style="color: #990000">&gt;&gt;</span>, [
+ {<span style="color: #FF6600">domain</span>, <span style="color: #FF0000">"my.example.org"</span>},
+ {<span style="color: #FF6600">path</span>, <span style="color: #FF0000">"/account"</span>}
+], <span style="color: #009900">Req</span>)<span style="color: #990000">.</span></tt></pre></div></div>
+<div class="paragraph"><p>You can restrict the cookie to secure channels, typically HTTPS.</p></div>
+<div class="listingblock">
+<div class="content"><!-- Generator: GNU source-highlight 3.1.8
+by Lorenzo Bettini
+http://www.lorenzobettini.it
+http://www.gnu.org/software/src-highlite -->
+<pre><tt><span style="color: #009900">SessionID</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">generate_session_id</span></span>(),
+<span style="color: #009900">Req2</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">cowboy_req:set_resp_cookie</span></span>(<span style="color: #990000">&lt;&lt;</span><span style="color: #FF0000">"sessionid"</span><span style="color: #990000">&gt;&gt;</span>, <span style="color: #009900">SessionID</span>, [
+ {<span style="color: #FF6600">secure</span>, <span style="color: #000080">true</span>}
+], <span style="color: #009900">Req</span>)<span style="color: #990000">.</span></tt></pre></div></div>
+<div class="paragraph"><p>You can restrict the cookie to client-server communication
+only. Such a cookie will not be available to client-side scripts.</p></div>
+<div class="listingblock">
+<div class="content"><!-- Generator: GNU source-highlight 3.1.8
+by Lorenzo Bettini
+http://www.lorenzobettini.it
+http://www.gnu.org/software/src-highlite -->
+<pre><tt><span style="color: #009900">SessionID</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">generate_session_id</span></span>(),
+<span style="color: #009900">Req2</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">cowboy_req:set_resp_cookie</span></span>(<span style="color: #990000">&lt;&lt;</span><span style="color: #FF0000">"sessionid"</span><span style="color: #990000">&gt;&gt;</span>, <span style="color: #009900">SessionID</span>, [
+ {<span style="color: #FF6600">http_only</span>, <span style="color: #000080">true</span>}
+], <span style="color: #009900">Req</span>)<span style="color: #990000">.</span></tt></pre></div></div>
+<div class="paragraph"><p>Cookies may also be set client-side, for example using
+Javascript.</p></div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="_reading_cookies">Reading cookies</h2>
+<div class="sectionbody">
+<div class="paragraph"><p>As we said, the client sends cookies with every request.
+But unlike the server, the client only sends the cookie
+name and value.</p></div>
+<div class="paragraph"><p>Cowboy provides two different ways to read cookies. You
+can either parse them as a list of key/value pairs, or
+match them into a map, optionally applying constraints
+to the values or providing a default if they are missing.</p></div>
+<div class="paragraph"><p>You can parse the cookies and then use standard library
+functions to access individual values.</p></div>
+<div class="listingblock">
+<div class="content"><!-- Generator: GNU source-highlight 3.1.8
+by Lorenzo Bettini
+http://www.lorenzobettini.it
+http://www.gnu.org/software/src-highlite -->
+<pre><tt><span style="color: #009900">Cookies</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">cowboy_req:parse_cookies</span></span>(<span style="color: #009900">Req</span>),
+{<span style="color: #990000">_</span>, <span style="color: #009900">Lang</span>} <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">lists:keyfind</span></span>(<span style="color: #990000">&lt;&lt;</span><span style="color: #FF0000">"lang"</span><span style="color: #990000">&gt;&gt;</span>, <span style="color: #993399">1</span>, <span style="color: #009900">Cookies</span>)<span style="color: #990000">.</span></tt></pre></div></div>
+<div class="paragraph"><p>You can match the cookies into a map.</p></div>
+<div class="listingblock">
+<div class="content"><!-- Generator: GNU source-highlight 3.1.8
+by Lorenzo Bettini
+http://www.lorenzobettini.it
+http://www.gnu.org/software/src-highlite -->
+<pre><tt>#{<span style="color: #FF6600">id</span> <span style="color: #990000">:=</span> <span style="color: #009900">ID</span>, <span style="color: #FF6600">lang</span> <span style="color: #990000">:=</span> <span style="color: #009900">Lang</span>} <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">cowboy_req:match_cookies</span></span>([<span style="color: #FF6600">id</span>, <span style="color: #FF6600">lang</span>], <span style="color: #009900">Req</span>)<span style="color: #990000">.</span></tt></pre></div></div>
+<div class="paragraph"><p>You can use constraints to validate the values while matching
+them. The following snippet will crash if the <code>id</code> cookie is
+not an integer number or if the <code>lang</code> cookie is empty. Additionally
+the <code>id</code> cookie value will be converted to an integer term, saving
+you a conversion step.</p></div>
+<div class="listingblock">
+<div class="content"><!-- Generator: GNU source-highlight 3.1.8
+by Lorenzo Bettini
+http://www.lorenzobettini.it
+http://www.gnu.org/software/src-highlite -->
+<pre><tt><span style="color: #009900">CookiesMap</span> <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">cowboy_req:match_cookies</span></span>([{<span style="color: #FF6600">id</span>, <span style="color: #FF6600">int</span>}, {<span style="color: #FF6600">lang</span>, <span style="color: #FF6600">nonempty</span>}], <span style="color: #009900">Req</span>)<span style="color: #990000">.</span></tt></pre></div></div>
+<div class="paragraph"><p>Note that if two cookies share the same name, then the map value
+will be a list of the two cookie values.</p></div>
+<div class="paragraph"><p>Read more about <a href="../constraints">constraints</a>.</p></div>
+<div class="paragraph"><p>A default value can be provided. The default will be used
+if the <code>lang</code> cookie is not found. It will not be used if
+the cookie is found but has an empty value.</p></div>
+<div class="listingblock">
+<div class="content"><!-- Generator: GNU source-highlight 3.1.8
+by Lorenzo Bettini
+http://www.lorenzobettini.it
+http://www.gnu.org/software/src-highlite -->
+<pre><tt>#{<span style="color: #FF6600">lang</span> <span style="color: #990000">:=</span> <span style="color: #009900">Lang</span>} <span style="color: #990000">=</span> <span style="font-weight: bold"><span style="color: #000000">cowboy_req:match_cookies</span></span>([{<span style="color: #FF6600">lang</span>, [], <span style="color: #990000">&lt;&lt;</span><span style="color: #FF0000">"en-US"</span><span style="color: #990000">&gt;&gt;</span>}], <span style="color: #009900">Req</span>)<span style="color: #990000">.</span></tt></pre></div></div>
+<div class="paragraph"><p>If no default is provided and the value is missing, the
+query string is deemed invalid and the process will crash.</p></div>
+</div>
+</div>
+
+
+
+</div>
+
+<div class="span3 sidecol">
+
+
+<h3>
+ Cowboy
+ 2.0
+
+ User Guide
+</h3>
+
+<ul>
+
+ <li><a href="/docs/en/cowboy/2.0/guide">User Guide</a></li>
+
+
+ <li><a href="/docs/en/cowboy/2.0/manual">Function Reference</a></li>
+
+
+</ul>
+
+<h4 id="docs-nav">Navigation</h4>
+
+<h4>Version select</h4>
+<ul>
+
+
+
+ <li><a href="/docs/en/cowboy/1.0/guide">1.0</a></li>
+
+ <li><a href="/docs/en/cowboy/2.0/guide">2.0</a></li>
+
+</ul>
+
+</div>
+</div>
+</div>
+</div>
+
+ <footer>
+ <div class="container">
+ <div class="row">
+ <div class="span6">
+ <p id="scroll-top"><a href="#">↑ Scroll to top</a></p>
+ <nav>
+ <ul>
+ <li><a href="mailto:[email protected]" title="Contact us">Contact us</a></li><li><a href="https://github.com/ninenines/ninenines.github.io" title="Github repository">Contribute to this site</a></li>
+ </ul>
+ </nav>
+ </div>
+ <div class="span6 credits">
+ <p><img src="/img/footer_logo.png"></p>
+ <p>Copyright &copy; Loïc Hoguin 2012-2016</p>
+ </div>
+ </div>
+ </div>
+ </footer>
+
+
+ <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
+ <script src="/js/bootstrap-carousel.js"></script>
+ <script src="/js/bootstrap-dropdown.js"></script>
+ <script src="/js/custom.js"></script>
+ </body>
+</html>
+
+