Managing Cookies for PSR-7 Requests and Responses.
$> composer require dflydev/fig-cookies
FIG Cookies tackles two problems, managing Cookie Request headers and
managing Set-Cookie Response headers. It does this by way of introducing
a Cookies
class to manage collections of Cookie
instances and a
SetCookies
class to manage collections of SetCookie
instances.
Instantiating these collections looks like this:
// Get a collection representing the cookies in the Cookie headers
// of a PSR-7 Request.
$cookies = Dflydev\FigCookies\Cookies::fromRequest($request);
// Get a collection representing the cookies in the Set-Cookie headers
// of a PSR-7 Response
$setCookies = Dflydev\FigCookies\SetCookies::fromResponse($response);
After modifying these collections in some way, they are rendered into a PSR-7 Request or PSR-7 Response like this:
// Render the Cookie headers and add them to the headers of a
// PSR-7 Request.
$request = $cookies->renderIntoCookieHeader($request);
// Render the Set-Cookie headers and add them to the headers of a
// PSR-7 Response.
$response = $setCookies->renderIntoSetCookieHeader($response);
Like PSR-7 Messages, Cookie
, Cookies
, SetCookie
, and SetCookies
are all represented as immutable value objects and all mutators will
return new instances of the original with the requested changes.
While this style of design has many benefits it can become fairly verbose very quickly. In order to get around that, FIG Cookies provides two facades in an attempt to help simplify things and make the whole process less verbose.
The easiest way to start working with FIG Cookies is by using the
FigRequestCookies
and FigResponseCookies
classes. They are facades to the
primitive FIG Cookies classes. Their jobs are to make common cookie related
tasks easier and less verbose than working with the primitive classes directly.
There is overhead on creating Cookies
and SetCookies
and rebuilding
requests and responses. Each of the FigCookies
methods will go through this
process so be wary of using too many of these calls in the same section of
code. In some cases it may be better to work with the primitive FIG Cookies
classes directly rather than using the facades.
Requests include cookie information in the Cookie request header. The
cookies in this header are represented by the Cookie
class.
use Dflydev\FigCookies\Cookie;
$cookie = Cookie::create('theme', 'blue');
To easily work with request cookies, use the FigRequestCookies
facade.
The get
method will return a Cookie
instance. If no cookie by the specified
name exists, the returned Cookie
instance will have a null
value.
The optional third parameter to get
sets the value that should be used if a
cookie does not exist.
use Dflydev\FigCookies\FigRequestCookies;
$cookie = FigRequestCookies::get($request, 'theme');
$cookie = FigRequestCookies::get($request, 'theme', 'default-theme');
The set
method will either add a cookie or replace an existing cookie.
The Cookie
primitive is used as the second argument.
use Dflydev\FigCookies\FigRequestCookies;
$request = FigRequestCookies::set($request, Cookie::create('theme', 'blue'));
The modify
method allows for replacing the contents of a cookie based on the
current cookie with the specified name. The third argument is a callable
that
takes a Cookie
instance as its first argument and is expected to return a
Cookie
instance.
If no cookie by the specified name exists, a new Cookie
instance with a
null
value will be passed to the callable.
use Dflydev\FigCookies\FigRequestCookies;
$modify = function (Cookie $cookie) {
$value = $cookie->getValue();
// ... inspect current $value and determine if $value should
// change or if it can stay the same. in all cases, a cookie
// should be returned from this callback...
return $cookie->withValue($value);
}
$request = FigRequestCookies::modify($request, 'theme', $modify);
The remove
method removes a cookie from the request headers if it exists.
use Dflydev\FigCookies\FigRequestCookies;
$request = FigRequestCookies::remove($request, 'theme');
Note that this does not cause the client to remove the cookie. Take a look at
the SetCookie
class' expire()
method to do that.
Responses include cookie information in the Set-Cookie response header. The
cookies in these headers are represented by the SetCookie
class.
use Dflydev\FigCookies\Modifier\SameSite;
use Dflydev\FigCookies\SetCookie;
$setCookie = SetCookie::create('lu')
->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')
->withExpires('Tue, 15-Jan-2013 21:47:38 GMT')
->withMaxAge(500)
->rememberForever()
->withPath('/')
->withDomain('.example.com')
->withSecure(true)
->withHttpOnly(true)
->withSameSite(SameSite::lax())
;
To easily work with response cookies, use the FigResponseCookies
facade.
The get
method will return a SetCookie
instance. If no cookie by the
specified name exists, the returned SetCookie
instance will have a null
value.
The optional third parameter to get
sets the value that should be used if a
cookie does not exist.
use Dflydev\FigCookies\FigResponseCookies;
$setCookie = FigResponseCookies::get($response, 'theme');
$setCookie = FigResponseCookies::get($response, 'theme', 'simple');
The set
method will either add a cookie or replace an existing cookie.
The SetCookie
primitive is used as the second argument.
use Dflydev\FigCookies\FigResponseCookies;
$response = FigResponseCookies::set($response, SetCookie::create('token')
->withValue('a9s87dfz978a9')
->withDomain('example.com')
->withPath('/firewall')
);
The modify
method allows for replacing the contents of a cookie based on the
current cookie with the specified name. The third argument is a callable
that
takes a SetCookie
instance as its first argument and is expected to return a
SetCookie
instance.
If no cookie by the specified name exists, a new SetCookie
instance with a
null
value will be passed to the callable.
use Dflydev\FigCookies\FigResponseCookies;
$modify = function (SetCookie $setCookie) {
$value = $setCookie->getValue();
// ... inspect current $value and determine if $value should
// change or if it can stay the same. in all cases, a cookie
// should be returned from this callback...
return $setCookie
->withValue($newValue)
->withExpires($newExpires)
;
}
$response = FigResponseCookies::modify($response, 'theme', $modify);
The remove
method removes a cookie from the response if it exists.
use Dflydev\FigCookies\FigResponseCookies;
$response = FigResponseCookies::remove($response, 'theme');
The expire
method sets a cookie with an expiry date in the far past. This
causes the client to remove the cookie.
Note that in order to expire a cookie, you need to configure its Set-Cookie
header just like when you initially wrote the cookie (i.e. same domain/path).
The easiest way to do this is to re-use the same code for configuring the
header when setting as well as expiring the cookie:
use Dflydev\FigCookies\FigResponseCookies;
use Dflydev\FigCookies\SetCookie;
$setCookie = SetCookie::create('ba')
->withValue('UQdfdafpJJ23k111m')
->withPath('/')
->withDomain('.example.com')
;
FigResponseCookies::set($response, $setCookie->expire());
setcookies
?No.
Delivery of the rendered SetCookie
instances is the responsibility of the
PSR-7 client implementation.
No.
It would be possible to build session handling using cookies on top of FIG Cookies but it is out of scope for this package.
$_COOKIES
?No.
FIG Cookies only pays attention to the Cookie
headers on
PSR-7 Request
instances. In the case of ServerRequestInterface
instances, PSR-7
implementations should be including $_COOKIES
values in the headers
so in that case FIG Cookies may be interacting with $_COOKIES
indirectly.
MIT, see LICENSE.
Want to get involved? Here are a few ways: