1 --[[--

2 request.set_cookie{

3 name = name, -- name of cookie

4 value = value, -- value of cookie

5 domain = domain, -- optional domain domain where cookie is transmitted

6 path = path, -- optional path where cookie is transmitted, defaults to application base

7 secure = secure -- optional boolean, indicating if cookie should only be transmitted over HTTPS

8 }

9

10 This function is similar to rocketwiki.set_cookie{...}, except that it automatically sets the path to the application base. It also sets secure=true, if the secure option is unset and the application base URL starts with "https://".

11

12 --]]--

13

14 function request.set_cookie(args)

15 local args = table.new(args)

16 if not args.path then

17 args.path = string.match(

18 request.get_absolute_baseurl(),

19 "://[^/]*(.*)"

20 )

21 if args.path == nil then

22 args.path = "/"

23 end

24 end

25 if args.secure == nil then

26 if string.find(

27 string.lower(request.get_absolute_baseurl()),

28 "^https://"

29 ) then

30 args.secure = true

31 else

32 args.secure = false

33 end

34 end

35 assert(string.find(args.name, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie name")

36 assert(string.find(args.value, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie value")

37 local parts = {args.name .. "=" .. args.value}

38 if args.domain then

39 assert(

40 string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),

41 "Illegal cookie domain"

42 )

43 parts[#parts+1] = "domain=" .. args.domain

44 end

45 if args.path then

46 assert(

47 string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),

48 "Illegal cookie path"

49 )

50 parts[#parts+1] = "path=" .. args.path

51 end

52 if args.secure then

53 parts[#parts+1] = "secure"

54 end

55 request.add_header("Set-Cookie", table.concat(parts, "; "))

56 end