Module Webs_kit.Authenticated_cookie

Authenticated cookies.

An authenticated cookie uses the Authenticatable scheme to let your service store expirable state on the client with the guarantee that the client cannot tamper with it.

The data is not encrypted.

Setting and clearing

val set : private_key:Authenticatable.private_key -> expire:Authenticatable.time option -> ?atts:Webs.Http.Cookie.atts -> name:string -> string -> Webs.Http.resp -> Webs.Http.resp

set ~private_key ~expire ~atts ~name data resp sets in resp the cookie name to data authenticated by private_key and expiring at expire (see Authenticatable.encode). atts are the cookie's attributes; they default to Webs.Http.Cookie.atts_default.

Note. The expiration expire, if provided, expires the authenticated data; it does not affect HTTP cookie expiration. Use the max_age attribute of Webs.Http.Cookie.atts for that.

val clear : ?atts:Webs.Http.Cookie.atts -> name:string -> Webs.Http.resp -> Webs.Http.resp

clear ~atts ~name resp clears the cookie named name in resp by setting its max-age to -1 and value to "". atts should be the same value as the one given to set; its max_age attribute gets overridden with a -1 by the function.


type error = [
  | Authenticatable.error
  | `Cookie of string  (* Cookie decoding errors. *)
]

The type for authenticated cookie decode and authentication errors.

val error_message : error -> string

error_message e is an English error message for e.

val error_string : ('a, error) Stdlib.result -> ('a, string) Stdlib.result

error_string r is Result.map_error error_message r.

val find : private_key:Authenticatable.private_key -> now:Authenticatable.time option -> name:string -> Webs.Http.req -> ((Authenticatable.time option * string) option, error) Stdlib.result

find ~private_key ~now ~name req is the cookie of req named name, authenticated with private_key and checked for expiration against now. This is Ok None if no cookie named name could be found or if its value is "". If the cookie was set with an expire, you need to provide a now; otherwise it will never authenticate. See Authenticatable.decode for more details.
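
A session round trip using only set, find, clear and error_message from this page, as an added example that is not part of the Webs_kit documentation. The cookie name "session" is hypothetical, and private_key, expire, now and atts are taken as arguments because this page does not show how to construct them.

```ocaml
open Webs_kit

(* Hypothetical cookie name, chosen for this example. *)
let name = "session"

(* Log a user in. [expire] bounds how long the authenticated data
   verifies; the [max_age] carried by [atts] bounds how long the browser
   keeps the cookie. They are independent, so the caller sets both.
   The data is not encrypted: store only values the client may read. *)
let login ~private_key ~expire ~atts user resp =
  Authenticated_cookie.set
    ~private_key ~expire:(Some expire) ~atts ~name user resp

(* Look up the session of [req]. Returns the user, if any, and a
   function to apply to the response being built.

   [now] is always passed as [Some now]: a cookie set with an [expire]
   never authenticates when [now] is [None]. *)
let session ~private_key ~now ~atts req =
  match
    Authenticated_cookie.find ~private_key ~now:(Some now) ~name req
  with
  | Ok (Some (_expire, user)) -> Some user, Fun.id
  | Ok None -> None, Fun.id (* no cookie, or an empty value *)
  | Error e ->
      (* Decoding or authentication failed: treat the request as
         anonymous, log the reason, and clear the cookie with the same
         [atts] that were given to [set]. *)
      prerr_endline
        ("session cookie rejected: " ^ Authenticated_cookie.error_message e);
      None, Authenticated_cookie.clear ~atts ~name

(* Log out: same [atts] as in [login]; [clear] overrides [max_age]. *)
let logout ~atts resp = Authenticated_cookie.clear ~atts ~name resp
```

The second component returned by session has type Webs.Http.resp -> Webs.Http.resp, so a handler applies it to whatever response it ends up sending.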