rocket::http

Enum Cookies

pub enum Cookies<'a> {
    // some variants omitted
}
Expand description

Collection of one or more HTTP cookies.

The Cookies type allows for retrieval of cookies from an incoming request as well as modifications to cookies to be reflected by Rocket on outgoing responses. Cookies is a smart-pointer; it internally borrows and refers to the collection of cookies active during a request’s life-cycle.

§Usage

A type of Cookies can be retrieved via its FromRequest implementation as a request guard or via the Request::cookies() method. Individual cookies can be retrieved via the get() and get_private() methods. Cookies can be added or removed via the add(), add_private(), remove(), and remove_private() methods.

§Examples

The following short snippet shows Cookies being used as a request guard in a handler to retrieve the value of a “message” cookie.

use rocket::http::Cookies;

#[get("/message")]
fn message(cookies: Cookies) -> Option<String> {
    cookies.get("message").map(|c| format!("Message: {}", c.value()))
}

The following snippet shows Cookies being retrieved from a Request in a custom request guard implementation for User. A private cookie containing a user’s ID is retrieved. If the cookie exists and the ID parses as an integer, a User structure is validated. Otherwise, the guard forwards.

use rocket::http::Status;
use rocket::outcome::IntoOutcome;
use rocket::request::{self, Request, FromRequest};

// In practice, we'd probably fetch the user from the database.
struct User(usize);

impl<'a, 'r> FromRequest<'a, 'r> for User {
    type Error = !;

    fn from_request(request: &'a Request<'r>) -> request::Outcome<User, !> {
        request.cookies()
            .get_private("user_id")
            .and_then(|cookie| cookie.value().parse().ok())
            .map(|id| User(id))
            .or_forward(())
    }
}

§Private Cookies

Private cookies are just like regular cookies except that they are encrypted using authenticated encryption, a form of encryption which simultaneously provides confidentiality, integrity, and authenticity. This means that private cookies cannot be inspected, tampered with, or manufactured by clients. If you prefer, you can think of private cookies as being signed and encrypted.

Private cookies can be retrieved, added, and removed from a Cookies collection via the get_private(), add_private(), and remove_private() methods.

§Encryption Key

To encrypt private cookies, Rocket uses the 256-bit key specified in the secret_key configuration parameter. If one is not specified, Rocket will automatically generate a fresh key. Note, however, that a private cookie can only be decrypted with the same key with which it was encrypted. As such, it is important to set a secret_key configuration parameter when using private cookies so that cookies decrypt properly after an application restart. Rocket will emit a warning if an application is run in production mode without a configured secret_key.

Generating a string suitable for use as a secret_key configuration value is usually done through tools like openssl. Using openssl, for instance, a 256-bit base64 key can be generated with the command openssl rand -base64 32.

Implementations§

§

impl<'a> Cookies<'a>

pub fn get(&self, name: &str) -> Option<&Cookie<'static>>

Returns a reference to the Cookie inside this container with the name name. If no such cookie exists, returns None.

§Example
use rocket::http::Cookies;

fn handler(cookies: Cookies) {
    let cookie = cookies.get("name");
}

pub fn add(&mut self, cookie: Cookie<'static>)

Adds cookie to this collection.

§Example
use rocket::http::{Cookie, Cookies};

fn handler(mut cookies: Cookies) {
    cookies.add(Cookie::new("name", "value"));

    let cookie = Cookie::build("name", "value")
        .path("/")
        .secure(true)
        .finish();

    cookies.add(cookie);
}

pub fn remove(&mut self, cookie: Cookie<'static>)

Removes cookie from this collection and generates a “removal” cookies to send to the client on response. For correctness, cookie must contain the same path and domain as the cookie that was initially set. Failure to provide the initial path and domain will result in cookies that are not properly removed.

A “removal” cookie is a cookie that has the same name as the original cookie but has an empty value, a max-age of 0, and an expiration date far in the past.

§Example
use rocket::http::{Cookie, Cookies};

fn handler(mut cookies: Cookies) {
    cookies.remove(Cookie::named("name"));
}

pub fn iter(&self) -> impl Iterator<Item = &Cookie<'static>>

Returns an iterator over all of the cookies present in this collection.

§Example
use rocket::http::Cookies;

fn handler(cookies: Cookies) {
    for c in cookies.iter() {
        println!("Name: '{}', Value: '{}'", c.name(), c.value());
    }
}
§

impl<'a> Cookies<'a>

pub fn get_private(&mut self, name: &str) -> Option<Cookie<'static>>

Returns a reference to the Cookie inside this collection with the name name and authenticates and decrypts the cookie’s value, returning a Cookie with the decrypted value. If the cookie cannot be found, or the cookie fails to authenticate or decrypt, None is returned.

This method is only available when the private-cookies feature is enabled.

§Example
use rocket::http::Cookies;

fn handler(mut cookies: Cookies) {
    let cookie = cookies.get_private("name");
}

pub fn add_private(&mut self, cookie: Cookie<'static>)

Adds cookie to the collection. The cookie’s value is encrypted with authenticated encryption assuring confidentiality, integrity, and authenticity. The cookie can later be retrieved using get_private and removed using remove_private.

Unless a value is supplied for the given key, the following defaults are set on cookie before being added to self:

  • path: "/"
  • SameSite: Strict
  • HttpOnly: true
  • Expires: 1 week from now

These defaults ensure maximum usability and security. For additional security, you may wish to set the secure flag.

This method is only available when the private-cookies feature is enabled.

§Example
use rocket::http::{Cookie, Cookies};

fn handler(mut cookies: Cookies) {
    cookies.add_private(Cookie::new("name", "value"));
}

pub fn remove_private(&mut self, cookie: Cookie<'static>)

Removes the private cookie from the collection.

For correct removal, the passed in cookie must contain the same path and domain as the cookie that was initially set. If a path is not set on cookie, the "/" path will automatically be set.

This method is only available when the private-cookies feature is enabled.

§Example
use rocket::http::{Cookie, Cookies};

fn handler(mut cookies: Cookies) {
    cookies.remove_private(Cookie::named("name"));
}

Trait Implementations§

§

impl<'a> Debug for Cookies<'a>

§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl<'a, 'r> FromRequest<'a, 'r> for Cookies<'a>

Source§

type Error = !

The associated error to be returned if derivation fails.
Source§

fn from_request(request: &'a Request<'r>) -> Outcome<Self, Self::Error>

Derives an instance of Self from the incoming request metadata. Read more

Auto Trait Implementations§

§

impl<'a> Freeze for Cookies<'a>

§

impl<'a> !RefUnwindSafe for Cookies<'a>

§

impl<'a> !Send for Cookies<'a>

§

impl<'a> !Sync for Cookies<'a>

§

impl<'a> Unpin for Cookies<'a>

§

impl<'a> !UnwindSafe for Cookies<'a>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T, I> AsResult<T, I> for T
where I: Input,

Source§

fn as_result(self) -> Result<T, ParseErr<I>>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> IntoCollection<T> for T

§

fn into_collection<A>(self) -> SmallVec<A>
where A: Array<Item = T>,

Converts self into a collection.
§

fn mapped<U, F, A>(self, f: F) -> SmallVec<A>
where F: FnMut(T) -> U, A: Array<Item = U>,

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> Typeable for T
where T: Any,

Source§

fn get_type(&self) -> TypeId

Get the TypeId of this object.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V