dflydev/fig-cookies

Cookies for PSR-7 HTTP Message Interface.

v3.1.0 2023-07-18 20:41 UTC

README

Managing Cookies for PSR-7 Requests and Responses.

Latest Stable Version Total Downloads Latest Unstable Version License
Build Status Scrutinizer Code Quality Code Coverage Code Climate
Join the chat at https://gitter.im/dflydev/dflydev-fig-cookies

Installation

$> composer require dflydev/fig-cookies

Concepts

FIG Cookies tackles two problems, managing Cookie Request headers and managing Set-Cookie Response headers. It does this by way of introducing a Cookies class to manage collections of Cookie instances and a SetCookies class to manage collections of SetCookie instances.

Instantiating these collections looks like this:

// Get a collection representing the cookies in the Cookie headers
// of a PSR-7 Request.
$cookies = Dflydev\FigCookies\Cookies::fromRequest($request);

// Get a collection representing the cookies in the Set-Cookie headers
// of a PSR-7 Response
$setCookies = Dflydev\FigCookies\SetCookies::fromResponse($response);

After modifying these collections in some way, they are rendered into a PSR-7 Request or PSR-7 Response like this:

// Render the Cookie headers and add them to the headers of a
// PSR-7 Request.
$request = $cookies->renderIntoCookieHeader($request);

// Render the Set-Cookie headers and add them to the headers of a
// PSR-7 Response.
$response = $setCookies->renderIntoSetCookieHeader($response);

Like PSR-7 Messages, Cookie, Cookies, SetCookie, and SetCookies are all represented as immutable value objects and all mutators will return new instances of the original with the requested changes.

While this style of design has many benefits it can become fairly verbose very quickly. In order to get around that, FIG Cookies provides two facades in an attempt to help simplify things and make the whole process less verbose.

Basic Usage

The easiest way to start working with FIG Cookies is by using the FigRequestCookies and FigResponseCookies classes. They are facades to the primitive FIG Cookies classes. Their jobs are to make common cookie related tasks easier and less verbose than working with the primitive classes directly.

There is overhead on creating Cookies and SetCookies and rebuilding requests and responses. Each of the FigCookies methods will go through this process so be wary of using too many of these calls in the same section of code. In some cases it may be better to work with the primitive FIG Cookies classes directly rather than using the facades.

Request Cookies

Requests include cookie information in the Cookie request header. The cookies in this header are represented by the Cookie class.

use Dflydev\FigCookies\Cookie;

$cookie = Cookie::create('theme', 'blue');

To easily work with request cookies, use the FigRequestCookies facade.

Get a Request Cookie

The get method will return a Cookie instance. If no cookie by the specified name exists, the returned Cookie instance will have a null value.

The optional third parameter to get sets the value that should be used if a cookie does not exist.

use Dflydev\FigCookies\FigRequestCookies;

$cookie = FigRequestCookies::get($request, 'theme');
$cookie = FigRequestCookies::get($request, 'theme', 'default-theme');

Set a Request Cookie

The set method will either add a cookie or replace an existing cookie.

The Cookie primitive is used as the second argument.

use Dflydev\FigCookies\FigRequestCookies;

$request = FigRequestCookies::set($request, Cookie::create('theme', 'blue'));

Modify a Request Cookie

The modify method allows for replacing the contents of a cookie based on the current cookie with the specified name. The third argument is a callable that takes a Cookie instance as its first argument and is expected to return a Cookie instance.

If no cookie by the specified name exists, a new Cookie instance with a null value will be passed to the callable.

use Dflydev\FigCookies\FigRequestCookies;

$modify = function (Cookie $cookie) {
    $value = $cookie->getValue();

    // ... inspect current $value and determine if $value should
    // change or if it can stay the same. in all cases, a cookie
    // should be returned from this callback...

    return $cookie->withValue($value);
}

$request = FigRequestCookies::modify($request, 'theme', $modify);

Remove a Request Cookie

The remove method removes a cookie from the request headers if it exists.

use Dflydev\FigCookies\FigRequestCookies;

$request = FigRequestCookies::remove($request, 'theme');

Note that this does not cause the client to remove the cookie. Take a look at the SetCookie class' expire() method to do that.

Response Cookies

Responses include cookie information in the Set-Cookie response header. The cookies in these headers are represented by the SetCookie class.

use Dflydev\FigCookies\Modifier\SameSite;
use Dflydev\FigCookies\SetCookie;

$setCookie = SetCookie::create('lu')
    ->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')
    ->withExpires('Tue, 15-Jan-2013 21:47:38 GMT')
    ->withMaxAge(500)
    ->rememberForever()
    ->withPath('/')
    ->withDomain('.example.com')
    ->withSecure(true)
    ->withHttpOnly(true)
    ->withSameSite(SameSite::lax())
;

To easily work with response cookies, use the FigResponseCookies facade.

Get a Response Cookie

The get method will return a SetCookie instance. If no cookie by the specified name exists, the returned SetCookie instance will have a null value.

The optional third parameter to get sets the value that should be used if a cookie does not exist.

use Dflydev\FigCookies\FigResponseCookies;

$setCookie = FigResponseCookies::get($response, 'theme');
$setCookie = FigResponseCookies::get($response, 'theme', 'simple');

Set a Response Cookie

The set method will either add a cookie or replace an existing cookie.

The SetCookie primitive is used as the second argument.

use Dflydev\FigCookies\FigResponseCookies;

$response = FigResponseCookies::set($response, SetCookie::create('token')
    ->withValue('a9s87dfz978a9')
    ->withDomain('example.com')
    ->withPath('/firewall')
);

Modify a Response Cookie

The modify method allows for replacing the contents of a cookie based on the current cookie with the specified name. The third argument is a callable that takes a SetCookie instance as its first argument and is expected to return a SetCookie instance.

If no cookie by the specified name exists, a new SetCookie instance with a null value will be passed to the callable.

use Dflydev\FigCookies\FigResponseCookies;

$modify = function (SetCookie $setCookie) {
    $value = $setCookie->getValue();

    // ... inspect current $value and determine if $value should
    // change or if it can stay the same. in all cases, a cookie
    // should be returned from this callback...

    return $setCookie
        ->withValue($newValue)
        ->withExpires($newExpires)
    ;
}

$response = FigResponseCookies::modify($response, 'theme', $modify);

Remove a Response Cookie

The remove method removes a cookie from the response if it exists.

use Dflydev\FigCookies\FigResponseCookies;

$response = FigResponseCookies::remove($response, 'theme');

Expire a Response Cookie

The expire method sets a cookie with an expiry date in the far past. This causes the client to remove the cookie.

Note that in order to expire a cookie, you need to configure its Set-Cookie header just like when you initially wrote the cookie (i.e. same domain/path). The easiest way to do this is to re-use the same code for configuring the header when setting as well as expiring the cookie:

use Dflydev\FigCookies\FigResponseCookies;
use Dflydev\FigCookies\SetCookie;

$setCookie = SetCookie::create('ba')
    ->withValue('UQdfdafpJJ23k111m')
    ->withPath('/')
    ->withDomain('.example.com')
;

FigResponseCookies::set($response, $setCookie->expire());

FAQ

Do you call setcookies?

No.

Delivery of the rendered SetCookie instances is the responsibility of the PSR-7 client implementation.

Do you do anything with sessions?

No.

It would be possible to build session handling using cookies on top of FIG Cookies but it is out of scope for this package.

Do you read from $_COOKIES?

No.

FIG Cookies only pays attention to the Cookie headers on PSR-7 Request instances. In the case of ServerRequestInterface instances, PSR-7 implementations should be including $_COOKIES values in the headers so in that case FIG Cookies may be interacting with $_COOKIES indirectly.

License

MIT, see LICENSE.

Community

Want to get involved? Here are a few ways:

  • Find us in the #dflydev IRC channel on irc.freenode.org.
  • Mention @dflydev on Twitter.
  • Join the chat at https://gitter.im/dflydev/dflydev-fig-cookies