CookieSigner class

A utility that signs and verifies cookies using an Hmac.

It aims to mitigate so-called "cookie poisoning" attacks by ensuring that clients cannot tamper with the cookies they have been sent.
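
The sign-then-verify idea behind this class, as an added standalone sketch that is not the package's own code. The DemoSigner class, the "payload.signature" value format, the base64url encoding and the sample key are assumptions made for illustration; Hmac and sha256 come from package:crypto.

```dart
import 'dart:convert';
import 'package:crypto/crypto.dart';

// Hypothetical stand-in for illustration; not the CookieSigner source.
// Assumed value format: "<payload>.<base64url(HMAC-SHA256(payload))>".
class DemoSigner {
  DemoSigner(List<int> keyBytes) : _hmac = Hmac(sha256, keyBytes);

  final Hmac _hmac;

  String signature(String payload) =>
      base64Url.encode(_hmac.convert(utf8.encode(payload)).bytes);

  String sign(String payload) => '$payload.${signature(payload)}';

  // Returns the payload when the signature matches, otherwise null.
  String? verify(String cookieValue) {
    // base64url never contains '.', so the last dot separates the signature.
    final dot = cookieValue.lastIndexOf('.');
    if (dot <= 0) return null; // unsigned value or empty payload
    final payload = cookieValue.substring(0, dot);
    final given = cookieValue.substring(dot + 1);
    return _constantTimeEquals(given, signature(payload)) ? payload : null;
  }

  // Compares without an early exit so timing does not reveal how many
  // leading characters of a guessed signature were correct.
  static bool _constantTimeEquals(String a, String b) {
    if (a.length != b.length) return false;
    var diff = 0;
    for (var i = 0; i < a.length; i++) {
      diff |= a.codeUnitAt(i) ^ b.codeUnitAt(i);
    }
    return diff == 0;
  }
}

void main() {
  // Constructed sample key and values.
  final signer = DemoSigner(utf8.encode('constructed-demo-key'));
  final signed = signer.sign('theme=dark');
  final tampered = signed.replaceFirst('dark', 'light');
  final unsigned = 'theme=light';

  print('intact:   ${signer.verify(signed)}');
  print('tampered: ${signer.verify(tampered)}');
  print('unsigned: ${signer.verify(unsigned)}');
}
```

A signature of this kind protects integrity only: the payload stays readable by the client, so secrets do not belong in it.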

Constructors

CookieSigner(List<int> keyBytes, {Hash? hash})
Creates an hmac from an array of keyBytes and a hash (defaults to sha256).
CookieSigner.fromHmac(Hmac hmac)
CookieSigner.fromStringKey(String key, {Hash? hash})
Creates an hmac from a string key and a hash (defaults to sha256).
factory

Properties

hashCode → int
The hash code for this object.
no setter, inherited
hmac → Hmac
The Hmac used to sign and verify cookies.
final
runtimeType → Type
A representation of the runtime type of the object.
no setter, inherited

Methods

computeCookieSignature(String cookieValue) → String
Computes the signature of a cookieValue, either for signing an outgoing cookie, or verifying an incoming cookie.
cookieWithNewValue(Cookie cookie, String newValue) → Cookie
Returns a new Cookie that is the same as the input cookie, but with a newValue.
createSignedCookie(Cookie cookie) → Cookie
Returns a new cookie, replacing the value of an input cookie with one that is signed with the hmac.
getCookiePayloadAndSignature(String cookieValue) → List<String>?
Gets the payload and signature of a given cookie, WITHOUT verifying its integrity.
noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
inherited
readCookies(RequestContext req, {void onInvalidCookie(Cookie)?}) → List<Cookie>
Returns a set of all the incoming cookies that had a valid signature attached. Any cookies without a signature, or with a signature that does not match the provided data, are not included in the output.
toString() → String
A string representation of this object.
inherited
verify(Cookie cookie) → bool
Determines whether a cookie is properly signed, if it is signed at all.
writeCookie(ResponseContext res, Cookie cookie) → void
Signs a single cookie, and adds it to an outgoing response. The input cookie is not modified.
writeCookies(ResponseContext res, Iterable<Cookie> cookies) → void
Signs a set of cookies, and adds them to an outgoing response. The input cookies are not modified.

Operators

operator ==(Object other) → bool
The equality operator.
inherited