04-24-2019, 06:02 AM
Here is something from the old forum (forum is now readonly)
https://forums.embarcadero.com/thread.js...421#693421
Also see:
https://forums.embarcadero.com/thread.js...882#882882
From Alex:
Reading cookie value:
Class THttpRequest, method GetCookieValue:
function GetCookieValue(const aName: string): string;
Writing a cookie:
Class THttpReply, use method AddCookie from Cookies object (type THttpCookieList), e.g.:
Reply.Cookies.AddCookie()
function AddCookie(const aName, aValue, aPath: string; const aExpires: TDateTime; const aHttpOnly: Boolean = False; const aSecure: Boolean = False): Integer;
Also from Alex in the second thread, HTTPOnly...
Is there a way to set the HTTPOnly flag in the Set-Cookie HTTP
response header?
Is this a custom cookie or the default session tracking cookie?
If this is the default session tracking cookie, just use the
ServerController.CookieOptions property:
- set CookieOptions.HttpOnly to True/False, according to your
requirements
If this is a custom cookie, you can set this option when adding the
cookie to the response cookie collection:
THttpReply.Cookies is the cookie coolection object.
You use its Add() method to add a custom cookie to your response, and
this method has this signature:
THttpCookieList.AddCookie(const aName, aValue, aPath: string; const
aExpires: TDateTime; const aHttpOnly: Boolean = False; const aSecure:
Boolean = False): Integer;
Dan
https://forums.embarcadero.com/thread.js...421#693421
Also see:
https://forums.embarcadero.com/thread.js...882#882882
From Alex:
Reading cookie value:
Class THttpRequest, method GetCookieValue:
function GetCookieValue(const aName: string): string;
Writing a cookie:
Class THttpReply, use method AddCookie from Cookies object (type THttpCookieList), e.g.:
Reply.Cookies.AddCookie()
function AddCookie(const aName, aValue, aPath: string; const aExpires: TDateTime; const aHttpOnly: Boolean = False; const aSecure: Boolean = False): Integer;
Also from Alex in the second thread, HTTPOnly...
Is there a way to set the HTTPOnly flag in the Set-Cookie HTTP
response header?
Is this a custom cookie or the default session tracking cookie?
If this is the default session tracking cookie, just use the
ServerController.CookieOptions property:
- set CookieOptions.HttpOnly to True/False, according to your
requirements
If this is a custom cookie, you can set this option when adding the
cookie to the response cookie collection:
THttpReply.Cookies is the cookie coolection object.
You use its Add() method to add a custom cookie to your response, and
this method has this signature:
THttpCookieList.AddCookie(const aName, aValue, aPath: string; const
aExpires: TDateTime; const aHttpOnly: Boolean = False; const aSecure:
Boolean = False): Integer;
Dan