Cookie.php 3.8 KB

  1. <?php
  2. /**
  3. * @link https://www.yiiframework.com/
  4. * @copyright Copyright (c) 2008 Yii Software LLC
  5. * @license https://www.yiiframework.com/license/
  6. */
  7. namespace yii\web;
  8. /**
  9. * Cookie represents information related to a cookie, such as [[name]], [[value]], [[domain]], etc.
  10. *
  11. * For more details and usage information on Cookie, see the [guide article on handling cookies](guide:runtime-sessions-cookies).
  12. *
  13. * @author Qiang Xue <qiang.xue@gmail.com>
  14. * @since 2.0
  15. */
  class Cookie extends \yii\base\BaseObject
  {
      /**
       * SameSite policy Lax: the browser withholds the cookie on cross-site requests that use
       * CSRF-prone methods (e.g. POST, PUT, PATCH), but still sends it on cross-site top-level
       * navigations that use GET.
       * E.g. a POST from https://otherdomain.com to https://yourdomain.com carries no cookie,
       * while a user following a link from https://otherdomain.com to https://yourdomain.com does.
       * Since such GET requests keep the cookie, Lax gives no protection to state-changing
       * actions that are reachable through GET.
       * @see sameSite
       */
      const SAME_SITE_LAX = 'Lax';

      /**
       * SameSite policy Strict: the browser withholds the cookie on every cross-site request,
       * whatever the request method, and also when the user follows a regular link.
       * E.g. neither a GET request from https://otherdomain.com to https://yourdomain.com nor a
       * link followed between the two sites will carry the cookie.
       * @see sameSite
       */
      const SAME_SITE_STRICT = 'Strict';

      /**
       * SameSite policy None: switches the SameSite restriction off, so the cookie is sent in
       * all contexts, for first-party and cross-origin requests alike.
       * E.g. a POST request from https://otherdomain.com to https://yourdomain.com carries the cookie.
       * Note: with `sameSite` set to None, `secure` must be `true`; otherwise the browser blocks
       * the cookie.
       * @see sameSite
       * @see secure
       * @since 2.0.43
       */
      const SAME_SITE_NONE = 'None';

      /**
       * @var string the cookie name
       */
      public $name;

      /**
       * @var string the cookie value
       */
      public $value = '';

      /**
       * @var string the cookie domain
       */
      public $domain = '';

      /**
       * @var int server timestamp at which the cookie expires.
       * The default, 0, means "until the browser is closed".
       */
      public $expire = 0;

      /**
       * @var string server path under which the cookie is available. Defaults to '/'.
       */
      public $path = '/';

      /**
       * @var bool whether the cookie should be sent over a secure connection only.
       * Defaults to false. Must be true when [[sameSite]] is [[SAME_SITE_NONE]].
       */
      public $secure = false;

      /**
       * @var bool whether the cookie is reachable through the HTTP protocol only.
       * When true (the default), scripting languages such as JavaScript cannot read the cookie,
       * which limits what an XSS flaw can steal. It does not stop the XSS flaw itself.
       */
      public $httpOnly = true;

      /**
       * @var string SameSite policy that keeps the browser from sending this cookie along with
       * cross-site requests. Defaults to [[SAME_SITE_LAX]].
       *
       * See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for more information about sameSite.
       *
       * @since 2.0.21
       */
      public $sameSite = self::SAME_SITE_LAX;

      /**
       * Lets a cookie object be used as a string, so that [[value]] need not be read explicitly.
       *
       * ```php
       * if (isset($request->cookies['name'])) {
       *     $value = (string) $request->cookies['name'];
       * }
       * ```
       *
       * @return string the cookie value; an empty string when [[value]] is null.
       */
      public function __toString()
      {
          // The cast is what maps a null value to ''.
          $text = (string) $this->value;

          return $text;
      }
  }