4 * This file is part of the Symfony package.
6 * (c) Fabien Potencier <fabien@symfony.com>
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
12 namespace Symfony\Component\HttpFoundation;
15 * Represents a cookie.
17 * @author Johannes M. Schmitt <schmittjoh@gmail.com>
31 const SAMESITE_LAX = 'lax';
32 const SAMESITE_STRICT = 'strict';
37 * @param string $name The name of the cookie
38 * @param string $value The value of the cookie
39 * @param int|string|\DateTimeInterface $expire The time the cookie expires
40 * @param string $path The path on the server in which the cookie will be available on
41 * @param string $domain The domain that the cookie is available to
42 * @param bool $secure Whether the cookie should only be transmitted over a secure HTTPS connection from the client
43 * @param bool $httpOnly Whether the cookie will be made accessible only through the HTTP protocol
44 * @param bool $raw Whether the cookie value should be sent with no url encoding
45 * @param string|null $sameSite Whether the cookie will be available for cross-site requests
47 * @throws \InvalidArgumentException
49 public function __construct($name, $value = null, $expire = 0, $path = '/', $domain = null, $secure = false, $httpOnly = true, $raw = false, $sameSite = null)
51 // from PHP source code
52 if (preg_match("/[=,; \t\r\n\013\014]/", $name)) {
53 throw new \InvalidArgumentException(sprintf('The cookie name "%s" contains invalid characters.', $name));
57 throw new \InvalidArgumentException('The cookie name cannot be empty.');
60 // convert expiration time to a Unix timestamp
61 if ($expire instanceof \DateTimeInterface) {
62 $expire = $expire->format('U');
63 } elseif (!is_numeric($expire)) {
64 $expire = strtotime($expire);
66 if (false === $expire) {
67 throw new \InvalidArgumentException('The cookie expiration time is not valid.');
72 $this->value = $value;
73 $this->domain = $domain;
74 $this->expire = 0 < $expire ? (int) $expire : 0;
75 $this->path = empty($path) ? '/' : $path;
76 $this->secure = (bool) $secure;
77 $this->httpOnly = (bool) $httpOnly;
78 $this->raw = (bool) $raw;
80 if (null !== $sameSite) {
81 $sameSite = strtolower($sameSite);
84 if (!in_array($sameSite, array(self::SAMESITE_LAX, self::SAMESITE_STRICT, null), true)) {
85 throw new \InvalidArgumentException('The "sameSite" parameter value is not valid.');
88 $this->sameSite = $sameSite;
92 * Returns the cookie as a string.
94 * @return string The cookie
96 public function __toString()
98 $str = ($this->isRaw() ? $this->getName() : urlencode($this->getName())).'=';
100 if ('' === (string) $this->getValue()) {
101 $str .= 'deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001);
103 $str .= $this->isRaw() ? $this->getValue() : rawurlencode($this->getValue());
105 if (0 !== $this->getExpiresTime()) {
106 $str .= '; expires='.gmdate('D, d-M-Y H:i:s T', $this->getExpiresTime());
110 if ($this->getPath()) {
111 $str .= '; path='.$this->getPath();
114 if ($this->getDomain()) {
115 $str .= '; domain='.$this->getDomain();
118 if (true === $this->isSecure()) {
122 if (true === $this->isHttpOnly()) {
123 $str .= '; httponly';
126 if (null !== $this->getSameSite()) {
127 $str .= '; samesite='.$this->getSameSite();
134 * Gets the name of the cookie.
138 public function getName()
144 * Gets the value of the cookie.
146 * @return string|null
148 public function getValue()
154 * Gets the domain that the cookie is available to.
156 * @return string|null
158 public function getDomain()
160 return $this->domain;
164 * Gets the time the cookie expires.
168 public function getExpiresTime()
170 return $this->expire;
174 * Gets the path on the server in which the cookie will be available on.
178 public function getPath()
184 * Checks whether the cookie should only be transmitted over a secure HTTPS connection from the client.
188 public function isSecure()
190 return $this->secure;
194 * Checks whether the cookie will be made accessible only through the HTTP protocol.
198 public function isHttpOnly()
200 return $this->httpOnly;
204 * Whether this cookie is about to be cleared.
208 public function isCleared()
210 return $this->expire < time();
214 * Checks if the cookie value should be sent with no url encoding.
218 public function isRaw()
224 * Gets the SameSite attribute.
226 * @return string|null
228 public function getSameSite()
230 return $this->sameSite;