tufao  1.3.0
An asynchronous web framework for C++ built on top of Qt
Tufao::SessionSettings Struct Reference

The SessionSettings class exposes details that sessions use to handle cookies.

Public Member Functions

QNetworkCookie cookie (const QByteArray &value=QByteArray()) const
 Creates a cookie, using value as the cookie's value.
 

Static Public Member Functions

static QNetworkCookie cookie (const SessionSettings &settings, const QByteArray &value=QByteArray())
 Creates a cookie, using value as the cookie's value and settings as the cookie's settings.
 

Public Attributes

int timeout
 Define the lifetime of cookies generated by this object (a timeout specified in minutes).
 
bool httpOnly
 Whether cookies generated by this object should only be used in HTTP requests.
 
QByteArray name
 The name given to cookies generated by this object.
 
QByteArray path
 The set of paths for which cookies generated by this object are used.
 
bool secure
 Whether cookies generated by this object should only be used through secure connections.
 
QByteArray domain
 The hosts for which cookies generated by this object are used.
 

Detailed Description

The SessionSettings class exposes details that sessions use to handle cookies.

Cookies are a mechanism to store state in the mostly stateless HTTP protocol. These details are the cookie's attributes.

Note
Cookies don't provide isolation by port. For example, if a cookie is accessible by a service running on one port, it will also be accessible by a service running on another port on the same server.
Note
Cookies also don't provide isolation by scheme (HTTPS, HTTP, FTP, ...).
Warning
You should not create SessionSettings objects with equal names but different domains and paths, hoping that SessionStore and other objects making use of SessionSettings will work correctly. When a user agent sends a cookie, the only attributes sent in the request are the name and value pair, which makes it impossible, in several cases, to identify the right cookie.
Since
0.4

Member Data Documentation

QByteArray Tufao::SessionSettings::domain

The hosts for which cookies generated by this object are used.

Note
Subdomains are also considered. For example, if this value is "example.com", the cookie generated by this SessionSettings object will also be used when the user agent requests a resource from the hosts "www.example.com" and "www.corp.example.com".
Note
User agents will reject cookies unless this attribute specifies a scope for the cookie that would include the origin server. For example, it will accept the value "example.com" or "foo.example.com" coming from the server "foo.example.com", but it will reject the value "bar.example.com".
For security reasons, many user agents are configured to reject values that correspond to public suffixes, such as "com" and "co.uk".
Note
If it is not specified (the default behaviour), the user agent will only include the cookie in requests made to the origin server. In other words, it will, for example, exclude any subdomains.

bool Tufao::SessionSettings::httpOnly

Whether cookies generated by this object should only be used in HTTP requests.

It prevents, for example, scripting engines in the user agent from accessing the cookie.

Note
You should set this attribute to true if you will use this cookie to store sensitive data.

QByteArray Tufao::SessionSettings::name

The name given to cookies generated by this object.

This is the main cookie access key.

QByteArray Tufao::SessionSettings::path

The set of paths for which cookies generated by this object are used.

Call this value cookiePath and the path component of the request's URI requestPath. The cookie will be included in a request if one of the following conditions is true:

  • cookiePath == requestPath
  • requestPath.startsWith(cookiePath)
  • requestPath[0] == '/' && requestPath.mid(1).startsWith(cookiePath)
Note
If it's not specified, the user agent will choose a path based on the path component of the current request's URI.
Note
Cookies don't provide integrity protection to this attribute. For example, a service running on the path "/foo" can set a cookie with a path attribute with the value "/bar". As a result, servers should not both run mutually distrusting services on different paths of the same host and use cookies to store sensitive data.

bool Tufao::SessionSettings::secure

Whether cookies generated by this object should only be used through secure connections.

What counts as a "secure" channel is defined by the user agent. This is typically HTTP over TLS.

Note
This attribute only protects the cookie's confidentiality. An active network attacker can overwrite secure cookies from an insecure channel, disrupting their integrity.
You should set this attribute to true if you will use this cookie to store sensitive data.
See also
HttpsServer

int Tufao::SessionSettings::timeout

Define the lifetime of cookies generated by this object (a timeout specified in minutes).

The expiration date and time are renewed every time SessionSettings generates a cookie.

Note
When not specified (the value is zero), the cookie expires at the end of the user agent's current session (as defined by the user agent).
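
The scoping rules documented above for domain, path and secure, modelled as an added example (not Tufao code and not part of the original documentation). CookieScope, Request, originHost and the function names are hypothetical stand-ins, the requests are constructed, and only the conditions stated on this page are implemented.

```cpp
#include <iostream>
#include <string>

// Hypothetical stand-ins for illustration; not Tufao types.
struct CookieScope {
    std::string domain;      // empty: host-only cookie
    std::string path;        // cookiePath
    bool secure;
    std::string originHost;  // host that set the cookie
};
struct Request { bool tls; std::string host; int port; std::string path; };

static bool startsWith(const std::string &s, const std::string &p) {
    return s.compare(0, p.size(), p) == 0;
}
static bool endsWith(const std::string &s, const std::string &x) {
    return s.size() >= x.size() && s.compare(s.size() - x.size(), x.size(), x) == 0;
}

// Domain notes: a set domain also covers subdomains; unset means origin host only.
bool domainMatches(const CookieScope &c, const std::string &host) {
    if (c.domain.empty()) return host == c.originHost;
    return host == c.domain || endsWith(host, "." + c.domain);
}

// The three conditions listed for the path attribute.
bool pathMatches(const std::string &cookiePath, const std::string &requestPath) {
    return cookiePath == requestPath
        || startsWith(requestPath, cookiePath)
        || (!requestPath.empty() && requestPath[0] == '/'
            && startsWith(requestPath.substr(1), cookiePath));
}

// Port is never consulted; scheme matters only when secure is set.
bool cookieIsSent(const CookieScope &c, const Request &r) {
    if (c.secure && !r.tls) return false;
    return domainMatches(c, r.host) && pathMatches(c.path, r.path);
}

int main() {
    // Constructed sample data.
    CookieScope sid = {"example.com", "/app", true, "foo.example.com"};
    Request reqs[] = {{true, "www.corp.example.com", 8443, "/app/login"},
                      {false, "foo.example.com", 80, "/app"},
                      {true, "foo.example.com", 443, "/other"}};
    for (const Request &r : reqs)
        std::cout << (r.tls ? "https://" : "http://") << r.host << ':' << r.port
                  << r.path << " -> " << (cookieIsSent(sid, r) ? "sent" : "withheld") << '\n';
    return 0;
}
```

Setting domain widens the cookie to every subdomain on any port, so a session cookie that only one host needs is better left with domain unset and secure enabled.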

The documentation for this struct was generated from the following file: