4 * This file is part of the Symfony package.
6 * (c) Fabien Potencier <fabien@symfony.com>
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
12 namespace Symfony\Component\HttpFoundation;
15 * Represents a cookie.
17 * @author Johannes M. Schmitt <schmittjoh@gmail.com>
31 const SAMESITE_LAX = 'lax';
32 const SAMESITE_STRICT = 'strict';
35 * Creates cookie from raw header string.
37 * @param string $cookie
42 public static function fromString($cookie, $decode = false)
53 foreach (explode(';', $cookie) as $part) {
54 if (false === strpos($part, '=')) {
58 list($key, $value) = explode('=', trim($part), 2);
60 $value = trim($value);
62 if (!isset($data['name'])) {
63 $data['name'] = $decode ? urldecode($key) : $key;
64 $data['value'] = true === $value ? null : ($decode ? urldecode($value) : $value);
67 switch ($key = strtolower($key)) {
72 $data['expires'] = time() + (int) $value;
80 return new static($data['name'], $data['value'], $data['expires'], $data['path'], $data['domain'], $data['secure'], $data['httponly'], $data['raw'], $data['samesite']);
84 * @param string $name The name of the cookie
85 * @param string|null $value The value of the cookie
86 * @param int|string|\DateTimeInterface $expire The time the cookie expires
87 * @param string $path The path on the server in which the cookie will be available on
88 * @param string|null $domain The domain that the cookie is available to
89 * @param bool $secure Whether the cookie should only be transmitted over a secure HTTPS connection from the client
90 * @param bool $httpOnly Whether the cookie will be made accessible only through the HTTP protocol
91 * @param bool $raw Whether the cookie value should be sent with no url encoding
92 * @param string|null $sameSite Whether the cookie will be available for cross-site requests
94 * @throws \InvalidArgumentException
96 public function __construct($name, $value = null, $expire = 0, $path = '/', $domain = null, $secure = false, $httpOnly = true, $raw = false, $sameSite = null)
98 // from PHP source code
99 if (preg_match("/[=,; \t\r\n\013\014]/", $name)) {
100 throw new \InvalidArgumentException(sprintf('The cookie name "%s" contains invalid characters.', $name));
104 throw new \InvalidArgumentException('The cookie name cannot be empty.');
107 // convert expiration time to a Unix timestamp
108 if ($expire instanceof \DateTimeInterface) {
109 $expire = $expire->format('U');
110 } elseif (!is_numeric($expire)) {
111 $expire = strtotime($expire);
113 if (false === $expire) {
114 throw new \InvalidArgumentException('The cookie expiration time is not valid.');
119 $this->value = $value;
120 $this->domain = $domain;
121 $this->expire = 0 < $expire ? (int) $expire : 0;
122 $this->path = empty($path) ? '/' : $path;
123 $this->secure = (bool) $secure;
124 $this->httpOnly = (bool) $httpOnly;
125 $this->raw = (bool) $raw;
127 if (null !== $sameSite) {
128 $sameSite = strtolower($sameSite);
131 if (!\in_array($sameSite, array(self::SAMESITE_LAX, self::SAMESITE_STRICT, null), true)) {
132 throw new \InvalidArgumentException('The "sameSite" parameter value is not valid.');
135 $this->sameSite = $sameSite;
139 * Returns the cookie as a string.
141 * @return string The cookie
143 public function __toString()
145 $str = ($this->isRaw() ? $this->getName() : urlencode($this->getName())).'=';
147 if ('' === (string) $this->getValue()) {
148 $str .= 'deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0';
150 $str .= $this->isRaw() ? $this->getValue() : rawurlencode($this->getValue());
152 if (0 !== $this->getExpiresTime()) {
153 $str .= '; expires='.gmdate('D, d-M-Y H:i:s T', $this->getExpiresTime()).'; Max-Age='.$this->getMaxAge();
157 if ($this->getPath()) {
158 $str .= '; path='.$this->getPath();
161 if ($this->getDomain()) {
162 $str .= '; domain='.$this->getDomain();
165 if (true === $this->isSecure()) {
169 if (true === $this->isHttpOnly()) {
170 $str .= '; httponly';
173 if (null !== $this->getSameSite()) {
174 $str .= '; samesite='.$this->getSameSite();
181 * Gets the name of the cookie.
185 public function getName()
191 * Gets the value of the cookie.
193 * @return string|null
195 public function getValue()
201 * Gets the domain that the cookie is available to.
203 * @return string|null
205 public function getDomain()
207 return $this->domain;
211 * Gets the time the cookie expires.
215 public function getExpiresTime()
217 return $this->expire;
221 * Gets the max-age attribute.
225 public function getMaxAge()
227 $maxAge = $this->expire - time();
229 return 0 >= $maxAge ? 0 : $maxAge;
233 * Gets the path on the server in which the cookie will be available on.
237 public function getPath()
243 * Checks whether the cookie should only be transmitted over a secure HTTPS connection from the client.
247 public function isSecure()
249 return $this->secure;
253 * Checks whether the cookie will be made accessible only through the HTTP protocol.
257 public function isHttpOnly()
259 return $this->httpOnly;
263 * Whether this cookie is about to be cleared.
267 public function isCleared()
269 return 0 !== $this->expire && $this->expire < time();
273 * Checks if the cookie value should be sent with no url encoding.
277 public function isRaw()
283 * Gets the SameSite attribute.
285 * @return string|null
287 public function getSameSite()
289 return $this->sameSite;