org.springframework.http

Class ResponseCookie

java.lang.Object

org.springframework.http.HttpCookie

org.springframework.http.ResponseCookie

public final class ResponseCookie
extends HttpCookie

An HttpCookie subclass with the additional attributes allowed in the "Set-Cookie" response header. To build an instance use the from(java.lang.String, java.lang.String) static method.

Since:

5.0

Author:

Rossen Stoyanchev, Brian Clozel

See Also:

RFC 6265

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	ResponseCookie.ResponseCookieBuilder A builder for a server-defined HttpCookie with attributes.

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object other)
static ResponseCookie.ResponseCookieBuilder	from(String name, String value) Factory method to obtain a builder for a server-defined cookie that starts with a name-value pair and may also include attributes.
static ResponseCookie.ResponseCookieBuilder	fromClientResponse(String name, String value) Factory method to obtain a builder for a server-defined cookie.
String	getDomain() Return the cookie "Domain" attribute, or null if not set.
Duration	getMaxAge() Return the cookie "Max-Age" attribute in seconds.
String	getPath() Return the cookie "Path" attribute, or null if not set.
String	getSameSite() Return the cookie "SameSite" attribute, or null if not set.
int	hashCode()
boolean	isHttpOnly() Return true if the cookie has the "HttpOnly" attribute.
boolean	isSecure() Return true if the cookie has the "Secure" attribute.
String	toString()

Methods inherited from class org.springframework.http.HttpCookie

getName, getValue

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Detail

getMaxAge

public Duration getMaxAge()

Return the cookie "Max-Age" attribute in seconds.

A positive value indicates when the cookie expires relative to the current time. A value of 0 means the cookie should expire immediately. A negative value means no "Max-Age" attribute in which case the cookie is removed when the browser is closed.

getDomain

@Nullable
public String getDomain()

Return the cookie "Domain" attribute, or null if not set.

getPath

@Nullable
public String getPath()

Return the cookie "Path" attribute, or null if not set.

isSecure

public boolean isSecure()

Return true if the cookie has the "Secure" attribute.

isHttpOnly

public boolean isHttpOnly()

Return true if the cookie has the "HttpOnly" attribute.

See Also:

https://www.owasp.org/index.php/HTTPOnly

getSameSite

@Nullable
public String getSameSite()

Return the cookie "SameSite" attribute, or null if not set.

This limits the scope of the cookie such that it will only be attached to same site requests if "Strict" or cross-site requests if "Lax".

Since:

5.1

See Also:

RFC6265 bis

equals

public boolean equals(@Nullable
                      Object other)

Overrides:

equals in class HttpCookie

hashCode

public int hashCode()

Overrides:

hashCode in class HttpCookie

toString

public String toString()

Overrides:

toString in class HttpCookie

from

public static ResponseCookie.ResponseCookieBuilder from(String name,
                                                        String value)

Factory method to obtain a builder for a server-defined cookie that starts with a name-value pair and may also include attributes.

Parameters:

name - the cookie name

value - the cookie value

Returns:

a builder to create the cookie with

fromClientResponse

public static ResponseCookie.ResponseCookieBuilder fromClientResponse(String name,
                                                                      String value)

Factory method to obtain a builder for a server-defined cookie. Unlike from(String, String) this option assumes input from a remote server, which can be handled more leniently, e.g. ignoring a empty domain name with double quotes.

Parameters:

name - the cookie name

value - the cookie value

Returns:

a builder to create the cookie with

Since:

5.2.5