CookieSigner class
A utility that signs, and verifies, cookies using an Hmac
.
It aims to mitigate so-called "cookie poisoning" attacks by ensuring that clients cannot tamper with the cookies they have been sent.
Constructors
-
CookieSigner(List<
int> keyBytes, {Hash? hash}) -
Creates an hmac from an array of
keyBytes
and ahash
(defaults tosha256
). - CookieSigner.fromHmac(Hmac hmac)
- CookieSigner.fromStringKey(String key, {Hash? hash})
-
Creates an hmac from a string
key
and ahash
(defaults tosha256
).factory
Properties
- hashCode → int
-
The hash code for this object.
no setterinherited
- hmac → Hmac
-
The
Hmac
used to sign and verify cookies.final - runtimeType → Type
-
A representation of the runtime type of the object.
no setterinherited
Methods
-
computeCookieSignature(
String cookieValue) → String -
Computes the signature of a
cookieValue
, either for signing an outgoing cookie, or verifying an incoming cookie. -
Returns a new Cookie that is the same as the input
cookie
, but with anewValue
. -
createSignedCookie(
Cookie cookie) → Cookie -
Returns a new cookie, replacing the value of an input
cookie
with one that is signed with the hmac. -
getCookiePayloadAndSignature(
String cookieValue) → List< String> ? -
Gets the payload and signature of a given
cookie
, WITHOUT verifying its integrity. -
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a nonexistent method or property is accessed.
inherited
-
readCookies(
RequestContext req, {void onInvalidCookie(Cookie)?}) → List< Cookie> - Returns a set of all the incoming cookies that had a valid signature attached. Any cookies without a signature, or with a signature that does not match the provided data, are not included in the output.
-
toString(
) → String -
A string representation of this object.
inherited
-
verify(
Cookie cookie) → bool - Determines whether a cookie is properly signed, if it is signed at all.
-
writeCookie(
ResponseContext res, Cookie cookie) → void -
Signs a single
cookie
, and adds it to an outgoingres
ponse. The inputcookie
is not modified. -
writeCookies(
ResponseContext res, Iterable< Cookie> cookies) → void -
Signs a set of
cookies
, and adds them to an outgoingres
ponse. The inputcookies
are not modified.
Operators
-
operator ==(
Object other) → bool -
The equality operator.
inherited