jbe/bsw@16: --[[--
jbe/bsw@16: request.set_cookie{
jbe/bsw@16:   name   = name,     -- name of cookie
jbe/bsw@16:   value  = value,    -- value of cookie
jbe/bsw@16:   domain = domain,   -- optional domain domain where cookie is transmitted
jbe/bsw@16:   path   = path,     -- optional path where cookie is transmitted, defaults to application base
jbe/bsw@16:   secure = secure    -- optional boolean, indicating if cookie should only be transmitted over HTTPS
jbe/bsw@16: }
jbe/bsw@16: 
jbe/bsw@16: This function is similar to rocketwiki.set_cookie{...}, except that it automatically sets the path to the application base. It also sets secure=true, if the secure option is unset and the application base URL starts with "https://".
jbe/bsw@16: 
jbe/bsw@16: --]]--
jbe/bsw@16: 
jbe/bsw@16: function request.set_cookie(args)
jbe@223:   local args = table.new(args)
jbe@223:   if not args.path then
jbe@223:     args.path = string.match(
jbe/bsw@16:       request.get_absolute_baseurl(),
jbe/bsw@16:       "://[^/]*(.*)"
jbe/bsw@16:     )
jbe@249:     if args.path == nil then
jbe@249:       args.path = "/"
jbe/bsw@16:     end
jbe/bsw@16:   end
jbe@223:   if args.secure == nil then
jbe/bsw@16:     if string.find(
jbe/bsw@16:       string.lower(request.get_absolute_baseurl()),
jbe/bsw@16:       "^https://"
jbe/bsw@16:     ) then
jbe@223:       args.secure = true
jbe/bsw@16:     else
jbe@223:       args.secure = false
jbe/bsw@16:     end
jbe/bsw@16:   end
jbe@223:   assert(string.find(args.name, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie name")
jbe@223:   assert(string.find(args.value, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie value")
jbe@223:   local parts = {args.name .. "=" .. args.value}
jbe@223:   if args.domain then
jbe@223:     assert(
jbe@223:       string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
jbe@223:       "Illegal cookie domain"
jbe@223:     )
jbe@223:     parts[#parts+1] = "domain=" .. args.domain
jbe@223:   end
jbe@223:   if args.path then
jbe@223:     assert(
jbe@223:       string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
jbe@223:       "Illegal cookie path"
jbe@223:     )
jbe@223:     parts[#parts+1] = "path=" .. args.path
jbe@223:   end
jbe@223:   if args.secure then
jbe@223:     parts[#parts+1] = "secure"
jbe@223:   end
jbe@223:   request.add_header("Set-Cookie", table.concat(parts, "; "))
jbe/bsw@16: end