aim_server_cookie 0.0.1 copy "aim_server_cookie: ^0.0.1" to clipboard
aim_server_cookie: ^0.0.1 copied to clipboard

Published 5 days agoverified publisheraim-dart.dev
SDKDartFlutter
PlatformAndroidiOSLinuxmacOSWindows

Metadata

Cookie support for Aim framework with secure options like HttpOnly, SameSite, and expiration.

More...

aim_server_cookie #

Cookie support for the aim_server framework.

Overview #

aim_server_cookie provides secure cookie management for the Aim framework. This package offers an easy-to-use API for setting, deleting, and managing HTTP cookies with support for all standard cookie attributes including HttpOnly, Secure, SameSite, and expiration controls.

Features #

  • 🍪 Simple Cookie API - Easy setCookie and deleteCookie methods
  • 🔒 Security Options - Full support for HttpOnly, Secure, and SameSite attributes
  • Expiration Control - Set expiration with Max-Age or Expires
  • 🌐 Path & Domain - Control cookie scope with path and domain options
  • 🎯 Type-safe - Full Dart type safety with CookieOptions
  • 📦 Multiple Cookies - Set multiple cookies in a single response

Installation #

Add aim_server_cookie to your pubspec.yaml:

dependencies:
  aim_server: <latest_version>
  aim_server_cookie: <latest_version>

Then run:

dart pub get

Usage #

Set a simple cookie:

import 'package:aim_server/aim_server.dart';
import 'package:aim_server_cookie/aim_server_cookie.dart';

void main() async {
  final app = Aim();

  app.get('/login', (c) async {
    c.setCookie('user_id', '12345');
    return c.json({'status': 'logged in'});
  });

  await app.serve(host: InternetAddress.anyIPv4, port: 8080);
}

Set a secure session cookie with HttpOnly and SameSite:

app.get('/login', (c) async {
  c.setCookie('session_id', 'abc123xyz', options: CookieOptions(
    httpOnly: true,
    secure: true,
    sameSite: SameSite.strict,
    path: '/',
  ));
  return c.json({'status': 'logged in'});
});

Set a cookie that expires after a specific duration:

app.get('/remember', (c) async {
  c.setCookie('remember_token', 'xyz789', options: CookieOptions(
    maxAge: Duration(days: 30),
    path: '/',
    httpOnly: true,
  ));
  return c.json({'status': 'remembered'});
});

Multiple Cookies #

Set multiple cookies in a single response:

app.get('/preferences', (c) async {
  c.setCookie('theme', 'dark', options: CookieOptions(
    path: '/',
    maxAge: Duration(days: 365),
  ));

  c.setCookie('language', 'ja', options: CookieOptions(
    path: '/',
    maxAge: Duration(days: 365),
  ));

  return c.json({'status': 'preferences saved'});
});

Delete a cookie by setting its Max-Age to 0:

app.get('/logout', (c) async {
  c.deleteCookie('session_id', path: '/');
  return c.json({'status': 'logged out'});
});

Important: When deleting a cookie, you must specify the same path and domain that were used when setting the cookie.

Complete Example #

import 'dart:io';
import 'package:aim_server/aim_server.dart';
import 'package:aim_server_cookie/aim_server_cookie.dart';

void main() async {
  final app = Aim();

  // Login endpoint - set secure session cookie
  app.post('/login', (c) async {
    final body = await c.req.json();

    // Validate credentials...

    c.setCookie('session_id', 'generated_session_id', options: CookieOptions(
      httpOnly: true,
      secure: true,
      sameSite: SameSite.strict,
      path: '/',
      maxAge: Duration(hours: 24),
    ));

    return c.json({'status': 'success'});
  });

  // Logout endpoint - delete session cookie
  app.post('/logout', (c) async {
    c.deleteCookie('session_id', path: '/');
    return c.json({'status': 'logged out'});
  });

  // Protected endpoint - read cookies
  app.get('/profile', (c) async {
    final cookies = c.headers['cookie'] ?? '';
    // Parse and validate session cookie...

    return c.json({'user': 'data'});
  });

  await app.serve(host: InternetAddress.anyIPv4, port: 8080);
  print('Server running on http://localhost:8080');
}

API Reference #

setCookie(String name, String value, {CookieOptions? options}) #

Sets a cookie in the response.

Parameters:

  • name - Cookie name
  • value - Cookie value
  • options (optional) - Cookie configuration options

Example:

c.setCookie('user_id', '12345', options: CookieOptions(
  path: '/',
  maxAge: Duration(days: 7),
));

deleteCookie(String name, {String? path, String? domain}) #

Deletes a cookie by setting its Max-Age to 0.

Parameters:

  • name - Cookie name to delete
  • path (optional) - Cookie path (must match the path used when setting the cookie)
  • domain (optional) - Cookie domain (must match the domain used when setting the cookie)

Example:

c.deleteCookie('user_id', path: '/');

CookieOptions #

Configuration options for cookies.

Properties:

  • path (String?, default: null)

    • The path for which the cookie is valid
    • Example: '/', '/api'

  • domain (String?, default: null)

    • The domain for which the cookie is valid
    • Example: 'example.com', '.example.com'

  • maxAge (Duration?, default: null)

    • How long the cookie should be valid
    • Example: Duration(days: 7), Duration(hours: 1)

  • expires (DateTime?, default: null)

    • Absolute expiration date for the cookie
    • Example: DateTime.now().add(Duration(days: 30))

  • secure (bool?, default: null)

    • Whether the cookie should only be sent over HTTPS
    • Set to true for production environments

  • httpOnly (bool?, default: null)

    • Whether the cookie is inaccessible to JavaScript
    • Set to true for session cookies to prevent XSS attacks

  • sameSite (SameSite?, default: null)

    • Controls whether the cookie is sent with cross-site requests
    • Values: SameSite.strict, SameSite.lax, SameSite.none

SameSite Enum #

Controls cross-site cookie behavior:

  • SameSite.strict - Cookie is only sent in first-party context
  • SameSite.lax - Cookie is sent with top-level navigations
  • SameSite.none - Cookie is sent in all contexts (requires Secure flag)

Security Best Practices #

  1. Use HttpOnly for session cookies - Prevents XSS attacks

    c.setCookie('session', 'value', options: CookieOptions(httpOnly: true));

  2. Use Secure in production - Ensures cookies are only sent over HTTPS

    c.setCookie('session', 'value', options: CookieOptions(secure: true));

  3. Set SameSite attribute - Prevents CSRF attacks

    c.setCookie('session', 'value', options: CookieOptions(
  sameSite: SameSite.strict,
));

  4. Specify Path - Limit cookie scope

    c.setCookie('api_token', 'value', options: CookieOptions(path: '/api'));

  5. Set expiration - Don't create permanent cookies unnecessarily

    c.setCookie('temp', 'value', options: CookieOptions(
  maxAge: Duration(hours: 1),
));

How It Works #

The cookie middleware:

  1. Sets cookies via the set-cookie HTTP header
  2. Supports multiple cookies by concatenating them with newlines
  3. Server-side splitting automatically splits concatenated cookies into individual Set-Cookie headers
  4. Formats attributes according to HTTP cookie specification (RFC 6265)

Contributing #

Contributions are welcome! Please see the main repository for contribution guidelines.

License #

See the LICENSE file in the main repository.

Metadata

1
likes
160
points
70
downloads

Publisher

verified publisheraim-dart.dev

Weekly Downloads

Metadata

Cookie support for Aim framework with secure options like HttpOnly, SameSite, and expiration.

Repository (GitHub)
View/report issues

Documentation

API reference

License

MIT (license)

Dependencies

aim_server

More

Packages that depend on aim_server_cookie

Back