Module Webs_authenticated_cookie

Authenticated cookies.

An authenticated cookie uses the Webs_authenticatable scheme to let your service store expirable state on the client with the guarantee that the client cannot tamper with it.

The data is not encrypted.

Setting and clearing

set ~private_key ~expire ~attributes ~name data response sets the cookie named name to data in response, authenticated by private_key and expiring at expire. attributes are the cookie's attributes; they default to Webs.Http.Cookie.default_attributes.

Note. The expiration expire, if provided, expires the authenticated data (see Webs_authenticatable.encode). It does not affect HTTP cookie expiration. Use the max_age attribute of Webs.Http.Cookie.attributes for that.

clear ~attributes ~name response clears the cookie named name in response by setting its max-age to -1 and value to "". attributes should be the same value as the one given to set; the function overrides its max_age attribute with -1. They default to Webs.Http.Cookie.default_attributes.


type error = [
  | Webs_authenticatable.error
  | `Cookie of string  (** Cookie decoding errors. *)
]


The type for authenticated cookie decode and authentication errors.

val error_message : error -> string

error_message e is an English error message for e.

val error_string : ('a, error) Stdlib.result -> ('a, string) Stdlib.result

error_string r is Result.map_error error_message r.

val find : private_key:Webs_authenticatable.Private_key.t -> now:Webs_authenticatable.time option -> name:string -> Webs.Http.Request.t -> ((Webs_authenticatable.time option * string) option, error) Stdlib.result

find ~private_key ~now ~name request is the cookie of request named name authenticated and expired by private_key and now. This is Ok None if no cookie named name could be found or if its value is "".

Note. If the cookie was set with an expire, you need to provide a now; otherwise it will never authenticate. See Webs_authenticatable.decode for more details.
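The guarantees described above (data readable by the client but not modifiable, and expiry enforced on the authenticated data rather than by the cookie's max-age), as an added Python model that is not code from Webs and does not reproduce the Webs_authenticatable wire format. The names encode, find and readable_payload, the tag-then-payload layout, the expiry comparison and the key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA-256 output size


def encode(private_key, expire, data):
    """Authenticate data and an optional expiry time; the payload stays readable."""
    msg = f"{'' if expire is None else expire}:{data}".encode()
    tag = hmac.new(private_key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + msg).decode()


def readable_payload(value):
    """What any client can read without the key: authenticated is not encrypted."""
    return base64.urlsafe_b64decode(value)[TAG_LEN:]


def find(private_key, now, name, cookies):
    """None if the cookie is absent or "", else (expire, data); ValueError on failure."""
    value = cookies.get(name, "")
    if value == "":
        return None
    raw = base64.urlsafe_b64decode(value)  # malformed base64 raises a ValueError subclass
    tag, msg = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(private_key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    expire, _, data = msg.decode().partition(":")
    if expire == "":
        return (None, data)
    # Assumed rule for this model: data with an expiry needs a `now` before it.
    if now is None or now >= int(expire):
        raise ValueError("expired, or no `now` supplied for expiring data")
    return (int(expire), data)


KEY = b"constructed-demo-key"  # constructed sample key
jar = {"session": encode(KEY, 1000, "user=alice")}  # constructed cookie jar
```

Because the payload is only authenticated, anything the client must not read has to stay server-side or be encrypted separately.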