class Cookie

Represents an HTTP cookie as specified in RFC 6265

Constants

PATTERN_TOKEN

A token as per RFC 2616, Section 2.2

PATTERN_MAX_AGE

The max age pattern as per RFC 6265, Section 5.2.2

PATTERN_DOMAIN

A simplified pattern for a basically valid domain as per RFC 6265, 4.1.1 / RFC 1034, 3.5 + RFC 1123, 2.1

PATTERN_PATH

A path as per RFC 6265, 4.1.1

SAMESITE_NONE

SAMESITE_LAX

SAMESITE_STRICT

Properties

protected string $name

Cookie Name, a token (RFC 6265, 4.1.1)

protected string $value
protected int $expiresTimestamp

Unix timestamp of the expiration date / time or 0 for "session" expiration (RFC 6265, 4.1.2.1)

protected int $maximumAge

Number of seconds until the cookie expires (RFC 6265, 4.1.2.2)

protected string $domain

Hosts to which this cookie will be sent (RFC 6265, 4.1.2.3)

protected string $path
protected bool $secure
protected bool $httpOnly
protected string $sameSite

Possible values: none, lax, or strict (RFC 6265bis-05, 8.8)

Methods

__construct(string $name, mixed $value = null, int|DateTime $expires = 0, int $maximumAge = null, string $domain = null, string $path = '/', bool $secure = false, bool $httpOnly = true, string $sameSite = null)

Constructs a new Cookie object

static Cookie|null
createFromRawSetCookieHeader(string $header)

Creates a cookie (an instance of this class) from a provided raw header string like "foo=507d9f20317a5; path=/; domain=.example.org". This is an implementation of the algorithm explained in RFC 6265, Section 5.2. A basic statement of this algorithm is to "ignore the set-cookie-string entirely" in case a required condition is not met. In these cases this function will return NULL rather than the created cookie.

string
getName()

Returns the name of this cookie

mixed
getValue()

Returns the value of this cookie

void
setValue(mixed $value)

Sets the value of this cookie

int
getExpires()

Returns the date and time of the Expires attribute, if any.

int|null
getMaximumAge()

Returns the number of seconds until the cookie expires, if defined.

string
getDomain()

Returns the domain this cookie is valid for.

string
getPath()

Returns the path this cookie is valid for.

bool
isSecure()

Tells if the cookie was flagged to be sent over "secure" channels only.

bool
isHttpOnly()

Tells if this cookie should only be used through the HTTP protocol.

string|null
getSameSite()

Returns the SameSite attribute of this cookie

void
expire()

Marks this cookie for removal.

bool
isExpired()

Tells if this cookie is expired and will be removed in the user agent when it receives the response containing this cookie.

string
__toString()

Renders the field value suitable for an HTTP "Set-Cookie" header.

Details

__construct(string $name, mixed $value = null, int|DateTime $expires = 0, int $maximumAge = null, string $domain = null, string $path = '/', bool $secure = false, bool $httpOnly = true, string $sameSite = null)

Constructs a new Cookie object

Parameters

string $name

The cookie name as a valid token (RFC 2616)

mixed $value

The value to store in the cookie. Must be possible to cast into a string.

int|DateTime $expires

Date and time after which this cookie expires.

int $maximumAge

Number of seconds until the cookie expires.

string $domain

The host to which the user agent will send this cookie

string $path

The path describing the scope of this cookie

bool $secure

If this cookie should only be sent through a "secure" channel by the user agent

bool $httpOnly

If this cookie should only be used through the HTTP protocol

string $sameSite

If this cookie should be restricted to a first-party or top-level navigation or third-party context

Exceptions

InvalidArgumentException

static Cookie|null createFromRawSetCookieHeader(string $header)

Creates a cookie (an instance of this class) from a provided raw header string like "foo=507d9f20317a5; path=/; domain=.example.org". This is an implementation of the algorithm explained in RFC 6265, Section 5.2. A basic statement of this algorithm is to "ignore the set-cookie-string entirely" in case a required condition is not met. In these cases this function will return NULL rather than the created cookie.

Parameters

string $header

The Set-Cookie string without the actual "Set-Cookie:" part

Return Value

Cookie|null

See also

http://tools.ietf.org/html/rfc6265
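
The "ignore the set-cookie-string entirely" rule described above, as an added example that is not the Cookie class's own code: a stand-alone PHP sketch of RFC 6265, Section 5.2 that returns NULL for an unusable name-value pair but only skips a malformed attribute. The function name parseSetCookieString() and its array keys are hypothetical; Expires and SameSite are left out, and "/" stands in for the request-derived default-path.

```php
<?php
// Added example: hypothetical helper following RFC 6265, Section 5.2 (not the class's code).
// Returns null where the RFC ignores the whole string; a bad attribute is only skipped.
function parseSetCookieString(string $header): ?array
{
    $parts = explode(';', $header);
    $pair = array_shift($parts);
    if (strpos($pair, '=') === false) {
        return null; // no "=" in the name-value-pair
    }
    [$name, $value] = array_map('trim', explode('=', $pair, 2));
    if ($name === '') {
        return null; // empty cookie name
    }
    $cookie = ['name' => $name, 'value' => $value, 'maxAge' => null,
        'domain' => null, 'path' => '/', 'secure' => false, 'httpOnly' => false];
    foreach ($parts as $av) {
        [$attr, $attrValue] = array_map('trim', explode('=', $av, 2)) + [1 => ''];
        switch (strtolower($attr)) {
            case 'max-age': // 5.2.2: optional "-" followed by digits only
                if (preg_match('/^-?[0-9]+$/', $attrValue) === 1) {
                    $cookie['maxAge'] = (int)$attrValue;
                }
                break;
            case 'domain': // 5.2.3: ignore if empty, drop one leading dot, lowercase
                if ($attrValue !== '') {
                    $cookie['domain'] = strtolower(preg_replace('/^\./', '', $attrValue));
                }
                break;
            case 'path': // 5.2.4: a value not starting with "/" keeps the default
                if (strpos($attrValue, '/') === 0) {
                    $cookie['path'] = $attrValue;
                }
                break;
            case 'secure':
                $cookie['secure'] = true;
                break;
            case 'httponly':
                $cookie['httpOnly'] = true;
                break;
        }
    }
    return $cookie;
}

// Constructed inputs: the page's sample header, then two strings that must be rejected.
var_dump(parseSetCookieString('foo=507d9f20317a5; path=/; domain=.example.org'));
var_dump(parseSetCookieString('no-equals-sign; Secure'));
var_dump(parseSetCookieString('=value; Path=/'));
```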

string getName()

Returns the name of this cookie

Return Value

string

The cookie name

mixed getValue()

Returns the value of this cookie

Return Value

mixed

void setValue(mixed $value)

Sets the value of this cookie

Parameters

mixed $value

The new value

Return Value

void

int getExpires()

Returns the date and time of the Expires attribute, if any.

Note that this date / time is returned as a unix timestamp, no matter what the format was originally set through the constructor of this Cookie.

The special case "no expiration time" is returned in form of a zero value.

Return Value

int

A unix timestamp or 0

int|null getMaximumAge()

Returns the number of seconds until the cookie expires, if defined.

This information is rendered as the Max-Age attribute (RFC 6265, 4.1.2.2). Note that not all browsers support this attribute.

Return Value

int|null

The maximum age in seconds, or NULL if none has been defined.

string getDomain()

Returns the domain this cookie is valid for.

Return Value

string

The domain name

string getPath()

Returns the path this cookie is valid for.

Return Value

string

The path

bool isSecure()

Tells if the cookie was flagged to be sent over "secure" channels only.

This security measure only has a limited effect. Please read RFC 6265 Section 8.6 for more details.

Return Value

bool

State of the "Secure" attribute

bool isHttpOnly()

Tells if this cookie should only be used through the HTTP protocol.

Return Value

bool

State of the "HttpOnly" attribute

string|null getSameSite()

Returns the SameSite attribute of this cookie

Return Value

string|null

void expire()

Marks this cookie for removal.

On executing this method, the expiry time of this cookie is set to a point in time in the past, which triggers the removal of the cookie in the user agent.

Return Value

void

bool isExpired()

Tells if this cookie is expired and will be removed in the user agent when it receives the response containing this cookie.

Return Value

bool

True if this cookie is expired

string __toString()

Renders the field value suitable for an HTTP "Set-Cookie" header.

Return Value

string