pub enum Cookies<'a> {
// some variants omitted
}Collection of one or more HTTP cookies.
The Cookies type allows for retrieval of cookies from an incoming request
as well as modifications to cookies to be reflected by Rocket on outgoing
responses. Cookies is a smart-pointer; it internally borrows and refers to
the collection of cookies active during a request's life-cycle.
A type of Cookies can be retrieved via its FromRequest implementation as
a request guard or via the Request::cookies method. Individual cookies
can be retrieved via the get and get_private methods. Cookies can be
added or removed via the add, add_private, remove, and
remove_private methods.
The following short snippet shows Cookies being used as a request guard in
a handler to retrieve the value of a "message" cookie.
use rocket::http::Cookies;
#[get("/message")]
fn message(cookies: Cookies) -> Option<String> {
cookies.get("message").map(|c| format!("Message: {}", c.value()))
}The following snippet shows Cookies being retrieved from a Request in a
custom request guard implementation for User. A private cookie
containing a user's ID is retrieved. If the cookie exists and the ID parses
as an integer, a User structure is validated. Otherwise, the guard
forwards.
use rocket::http::Status;
use rocket::outcome::IntoOutcome;
use rocket::request::{self, Request, FromRequest};
struct User(usize);
impl<'a, 'r> FromRequest<'a, 'r> for User {
type Error = ();
fn from_request(request: &'a Request<'r>) -> request::Outcome<User, ()> {
request.cookies()
.get_private("user_id")
.and_then(|cookie| cookie.value().parse().ok())
.map(|id| User(id))
.or_forward(())
}
}Private cookies are just like regular cookies except that they are
encrypted using authenticated encryption, a form of encryption which
simultaneously provides confidentiality, integrity, and authenticity. This
means that private cookies cannot be inspected, tampered with, or
manufactured by clients. If you prefer, you can think of private cookies as
being signed and encrypted.
Private cookies can be retrieved, added, and removed from a Cookies
collection via the get_private, add_private, and remove_private
methods.
To encrypt private cookies, Rocket uses the 256-bit key specified in the
secret_key configuration parameter. If one is not specified, Rocket will
automatically generate a fresh key. Note, however, that a private cookie can
only be decrypted with the same key with which it was encrypted. As such, it
is important to set a secret_key configuration parameter when using
private cookies so that cookies decrypt properly after an application
restart. Rocket will emit a warning if an application is run in production
mode without a configured secret_key.
Generating a string suitable for use as a secret_key configuration value
is usually done through tools like openssl. Using openssl, for instance,
a 256-bit base64 key can be generated with the command openssl rand -base64 32.
Returns a reference to the Cookie inside this container with the name
name. If no such cookie exists, returns None.
use rocket::http::Cookies;
fn handler(cookies: Cookies) {
let cookie = cookies.get("name");
}Returns a reference to the Cookie inside this collection with the name
name and authenticates and decrypts the cookie's value, returning a
Cookie with the decrypted value. If the cookie cannot be found, or the
cookie fails to authenticate or decrypt, None is returned.
use rocket::http::Cookies;
fn handler(mut cookies: Cookies) {
let cookie = cookies.get_private("name");
}
Adds cookie to this collection.
use rocket::http::{Cookie, Cookies};
fn handler(mut cookies: Cookies) {
cookies.add(Cookie::new("name", "value"));
let cookie = Cookie::build("name", "value")
.path("/")
.secure(true)
.finish();
cookies.add(cookie);
}Adds cookie to the collection. The cookie's value is encrypted with
authenticated encryption assuring confidentiality, integrity, and
authenticity. The cookie can later be retrieved using
get_private and removed using
remove_private.
If a path is not set on cookie, the "/" path will automatically be
set. If a SameSite attribute is not set, the attribute will be set to
Strict. These defaults ensure maximum usability and security. For
additional security, you may wish to set the http_only flag.
use rocket::http::{Cookie, Cookies};
fn handler(mut cookies: Cookies) {
cookies.add_private(Cookie::new("name", "value"));
let mut cookie = Cookie::new("name", "value");
cookie.set_http_only(true);
cookies.add(cookie);
}
Removes cookie from this collection and generates a "removal" cookies
to send to the client on response. For correctness, cookie must
contain the same path and domain as the cookie that was initially
set. Failure to provide the initual path and domain will result in
cookies that are not properly removed.
A "removal" cookie is a cookie that has the same name as the original
cookie but has an empty value, a max-age of 0, and an expiration date
far in the past.
use rocket::http::{Cookie, Cookies};
fn handler(mut cookies: Cookies) {
cookies.remove(Cookie::named("name"));
}Removes the private cookie from the collection.
For correct removal, the passed in cookie must contain the same path
and domain as the cookie that was initially set. If a path is not set
on cookie, the "/" path will automatically be set.
use rocket::http::{Cookie, Cookies};
fn handler(mut cookies: Cookies) {
cookies.remove_private(Cookie::named("name"));
}
Returns an iterator over all of the cookies present in this collection.
use rocket::http::Cookies;
fn handler(cookies: Cookies) {
for c in cookies.iter() {
println!("Name: '{}', Value: '{}'", c.name(), c.value());
}
}
The associated error to be returned if derivation fails.
Derives an instance of Self from the incoming request metadata. Read more
Formats the value using the given formatter. Read more
🔬 This is a nightly-only experimental API. (try_from)
The type returned in the event of a conversion error.
🔬 This is a nightly-only experimental API. (try_from)
Immutably borrows from an owned value. Read more
🔬 This is a nightly-only experimental API. (get_type_id)
this method will likely be replaced by an associated static
🔬 This is a nightly-only experimental API. (try_from)
The type returned in the event of a conversion error.
🔬 This is a nightly-only experimental API. (try_from)
Mutably borrows from an owned value. Read more
Get the TypeId of this object.