diff --git a/Documentation/Books/Manual/Foxx/Router/Response.mdpp b/Documentation/Books/Manual/Foxx/Router/Response.mdpp index adc6a1801b..3851cba814 100644 --- a/Documentation/Books/Manual/Foxx/Router/Response.mdpp +++ b/Documentation/Books/Manual/Foxx/Router/Response.mdpp @@ -59,35 +59,35 @@ Sets a cookie with the given name. An object with any of the following properties: + * **ttl**: `number` (optional) + + Time to live of the cookie in seconds. + + * **algorithm**: `string` (Default: `"sha256"`) + + Algorithm that will be used to sign the cookie. + * **secret**: `string` (optional) Secret that will be used to sign the cookie. If a secret is specified, the cookie's signature will be stored in a second cookie with the same options, the same name and the suffix `.sig`. Otherwise no signature will be added. - * **algorithm**: `string` (Default: `"sha256"`) + * **path**: `string` (optional) - Algorithm that will be used to sign the cookie. + Path for which the cookie should be issued. - * **ttl**: `number` (optional) + * **domain**: `string` (optional) - Time to live of the cookie. + Domain for which the cookie should be issued. - * **path**: `number` (optional) - - Path of the cookie. - - * **domain**: `number` (optional) - - Domain of the cookie. - - * **secure**: `number` (Default: `false`) + * **secure**: `boolean` (Default: `false`) Whether the cookie should be marked as secure (i.e. HTTPS/SSL-only). * **httpOnly**: `boolean` (Default: `false`) - Whether the cookie should be marked as HTTP-only. + Whether the cookie should be marked as HTTP-only (rather than also exposing it to client-side code). If a string is passed instead of an options object it will be interpreted as the *secret* option. diff --git a/Documentation/Books/Manual/Foxx/Sessions/Transports/Cookie.mdpp b/Documentation/Books/Manual/Foxx/Sessions/Transports/Cookie.mdpp index ac37903870..1a4f3fe2a5 100644 --- a/Documentation/Books/Manual/Foxx/Sessions/Transports/Cookie.mdpp 
+++ b/Documentation/Books/Manual/Foxx/Sessions/Transports/Cookie.mdpp @@ -51,4 +51,20 @@ Creates a [Transport](README.md) that can be used in the sessions middleware. Secret to use for the signed cookie. Will be ignored if no algorithm is provided. + * **path**: `string` (optional) + + Path for which the cookie should be issued. + + * **domain**: `string` (optional) + + Domain for which the cookie should be issued. + + * **secure**: `boolean` (Default: `false`) + + Whether the cookie should be marked as secure (i.e. HTTPS/SSL-only). + + * **httpOnly**: `boolean` (Default: `false`) + + Whether the cookie should be marked as HTTP-only (rather than also exposing it to client-side code). + If a string is passed instead of an options object, it will be interpreted as the *name* option. diff --git a/Documentation/Books/Manual/ReleaseNotes/NewFeatures32.mdpp b/Documentation/Books/Manual/ReleaseNotes/NewFeatures32.mdpp index 0d42b13140..f7f0da0da0 100644 --- a/Documentation/Books/Manual/ReleaseNotes/NewFeatures32.mdpp +++ b/Documentation/Books/Manual/ReleaseNotes/NewFeatures32.mdpp @@ -57,3 +57,4 @@ Authentication Foxx ---- +The [cookie session transport](../Foxx/Sessions/Transports/Cookie.md) now supports all options supported by the [cookie method of the response object](../Foxx/Router/Response.md#cookie). \ No newline at end of file diff --git a/js/server/modules/@arangodb/foxx/sessions/transports/cookie.js b/js/server/modules/@arangodb/foxx/sessions/transports/cookie.js index 44116f3d18..b480428f37 100644 --- a/js/server/modules/@arangodb/foxx/sessions/transports/cookie.js +++ b/js/server/modules/@arangodb/foxx/sessions/transports/cookie.js 
@@ -34,10 +34,23 @@ module.exports = function cookieTransport (cfg) {
 assert(!cfg.algorithm || cfg.secret, 'Must specify a secret when specifying an algorithm');
 const name = cfg.name || 'sid';
 const ttl = cfg.ttl || undefined;
- const opts = cfg.secret ? {
- secret: cfg.secret,
- algorithm: cfg.algorithm
- } : undefined;
+ const opts = {};
+ if (cfg.secret) {
+ opts.secret = cfg.secret;
+ opts.algorithm = cfg.algorithm;
+ }
+ if (cfg.path) {
+ opts.path = cfg.path;
+ }
+ if (cfg.domain) {
+ opts.domain = cfg.domain;
+ }
+ if (cfg.secure) {
+ opts.secure = cfg.secure;
+ }
+ if (cfg.httpOnly) {
+ opts.httpOnly = cfg.httpOnly;
+ }
 return {
 get(req) {
 return req.cookie(name, opts);
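Review bot: The new `if (cfg.secure)` and `if (cfg.httpOnly)` branches set the flags only when the caller opts in, so a transport created with defaults still issues a session-id cookie that client-side script can read and that may be sent over plain HTTP. Because this cookie carries the session identifier, consider turning `httpOnly` on by default for this transport, e.g. `opts.httpOnly = cfg.httpOnly !== false;`, or at least add a comment above the block such as `// secure/httpOnly stay off unless configured; enable both for session cookies served over HTTPS`. Note also that `opts` is now always an object and is passed to `req.cookie(name, opts)` in `get`, where it used to be `undefined` without a secret. The `set` and `clear` methods lie outside this hunk; it is worth confirming that the clear path passes the same `path` and `domain`, since otherwise the browser would presumably keep the session cookie after logout.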