Cookie Helper

The Cookie Helper file contains handlers that assist in working with cookies.

Loading this Helper

This helper is loaded using the following code:

rigLoadHelper "cookie"

The following handlers are available:

rigSetCookie

Sets a cookie containing the values you specify. There are two ways to pass information to this handler so that a cookie can be set: Array Method, and Discrete Parameters:

Array Method

Using this method, an associative array is passed to the first parameter:

put "The Cookie Name" into tCookieA["name"]
put "The Value" into tCookieA["value"]
put 86500 into tCookieA["expire"]
put ".some-domain.com" into tCookieA["domain"]
put "/" into tCookieA["path"]
put "myprefix" into tCookieA["prefix"]
put FALSE into tCookieA["replace"] -- set to TRUE, if you want to overwrite the most recent cookie header
put TRUE into tCookieA["secure"]
put FALSE into tCookieA["httponly"]
put "Lax" into tCookieA["samesite"]

rigSetCookie tCookieA

Notes:

• Only the name and value are required. All other parameters are optional. To delete a cookie set it with the expiration blank.
• Although cookie values need to be strings revIgniter optionally allows to use arrays as value.
• The expiration is set in seconds, which will be added to the current time. Do not include the time, but rather only the number of seconds from now that you wish the cookie to be valid. If the expiration is set to zero the cookie will only last as long as the browser is open.
• For site-wide cookies regardless of how your site is requested, add your URL to the domain starting with a period, like this: .your-domain.com The domain can also be set in application/config/config.lc
• The path is usually not needed since the handler sets a root path. The path can be set in application/config/config.lc too.
• The prefix is only needed if you need to avoid name collisions with other identically named cookies for your server. This value can be set in application/config/config.lc too.
• Set the replace boolean to TRUE, if you want to overwrite the most recent cookie header
• The secure boolean is only needed if you want to make it a secure cookie by setting it to TRUE (Cookies will only be set if a secure HTTPS connection exists). This boolean can be set in application/config/config.lc too.
• Use the httponly boolean to unset the HttpOnly flag. This flag is set by default so that the cookie can't be read locally via JavaScript.
• The samesite attribute provides some protection against CSRF attacks. Values are: "Strict", "Lax" or "None". If you do not include this parameter it is provided by application/config/config.lc

Discrete Parameters

If you prefer, you can set the cookie by passing data using individual parameters:

rigSetCookie tName, tValue, tExp, tDomain, tPath, tPrefix, tReplace, pSecure, pHttpOnly, pSameSite

Note: Keep in mind that the current time used to calculate the expiration date is referenced either to your server's local time or GMT, based on the "time reference" setting in your config file.

rigGetCookie()

Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):

put rigGetCookie("someCookie") into tCookieData

The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.

The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;

put rigGetCookie("someCookie", TRUE) into tCookieData

rigDeleteCookie

Lets you delete a cookie. Unless you've set a custom path or other values, only the name of the cookie is needed:

rigDeleteCookie "name"

This handler is otherwise identical to rigSetCookie, except that it does not have the value and expiration parameters. You can submit an array of values in the first parameter or you can set discrete parameters.

rigDeleteCookie tName, tDomain, tPath, tPrefix

Note: See cookie related settings in application/config/config.lc.