Webs_kit.Authenticated_cookie
Authenticated cookies.
An authenticated cookie uses the Authenticatable
scheme to let your service store expirable state on the client with the guarantee that it cannot tamper with it.
The data is not encrypted.
val set : private_key:Authenticatable.private_key -> expire:Authenticatable.time option -> ?atts:Webs.Http.Cookie.atts -> name:string -> string -> Webs.Http.resp -> Webs.Http.resp
set ~private_key ~expire ~atts ~name data resp
sets in resp
the cookie name
to data
authenticated by private_key
and expiring at expire
(see Authenticatable.encode
). atts
are the cookie's attributes, they default to Webs.Http.Cookie.atts_default
.
Note. The expiration expire
, if provided, expires the authenticated data, it does not affect HTTP cookie expiration. Use the max_age
attribute of Webs.Http.Cookie.atts
for that.
val clear : ?atts:Webs.Http.Cookie.atts -> name:string -> Webs.Http.resp -> Webs.Http.resp
clear ~atts ~name resp
clears the cookie named name
in resp
by setting its max-age
to -1
and value to ""
. atts
should be the same value as the one given to set
, its max_age
attribute gets overriden with a -1
by the function.
The type for authenticated cookie decode and authentication errors.
val error_message : error -> string
error_message e
is an english error message for e
.
val error_string : ('a, error) Stdlib.result -> ('a, string) Stdlib.result
error_string r
is Result.map_error error_message r
.
val find : private_key:Authenticatable.private_key -> now:Authenticatable.time option -> name:string ->
Webs.Http.req -> ((Authenticatable.time option * string) option, error) Stdlib.result
find ~private_key ~now ~name req
is the cookie of req
named name
authenticated and expired by private_key
and now
. This is Ok None
if no cookie named name
could be found or if its value is ""
. If the cookie was set
with an expire
you need to provide a now
otherwise it will never authenticate, see Authenticatable.decode
for more details.