Module Webs_kit.Authenticated_cookie
Authenticated cookies.
An authenticated cookie lets your service store expirable state on the client with the guarantee that it cannot tamper with it. The data is not encrypted, this is not made to store service secrets on the client.
In order to use this you need a private key in your service. An easy way to handle this is to generate one randomly with Authenticatable.random_key
when you start your service. Note however that this invalidates any data currently stored on your clients whenever you restart your service – depending on your use case that may be okay, or not.
val get : key:Authenticatable.key -> now:Authenticatable.ptime -> name:string -> Webs.Req.t -> string option
get ~key ~now ~name req
is the cookie ofreq
namedname
authenticated and expired bykey
andnow
(seeAuthenticatable.decode
).TODO. Any kind of error leads to
None
.
val set : ?atts:Webs.Http.Cookie.atts -> key:Authenticatable.key -> expire:Authenticatable.ptime option -> name:string -> string -> Webs.Resp.t -> Webs.Resp.t
set ~atts ~key ~expire ~name data resp
sets inresp
the cookiename
todata
authenticated bykey
and expiring atexpire
(seeAuthenticatable.encode
).atts
are the cookie's attribute they default toWebs.Http.Cookie.atts_default
.