org.springframework.http

Class ResponseCookie



  • public final class ResponseCookie
    extends HttpCookie
    An HttpCookie subclass with the additional attributes allowed in the "Set-Cookie" response header. To build an instance use the from(java.lang.String, java.lang.String) static method.
    Since:
    5.0
    Author:
    Rossen Stoyanchev, Brian Clozel
    See Also:
    RFC 6265
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class and Description
      static interface  ResponseCookie.ResponseCookieBuilder
      A builder for a server-defined HttpCookie with attributes.
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method and Description
      boolean equals(java.lang.Object other) 
      static ResponseCookie.ResponseCookieBuilder from(java.lang.String name, java.lang.String value)
      Factory method to obtain a builder for a server-defined cookie that starts with a name-value pair and may also include attributes.
      java.lang.String getDomain()
      Return the cookie "Domain" attribute, or null if not set.
      java.time.Duration getMaxAge()
      Return the cookie "Max-Age" attribute in seconds.
      java.lang.String getPath()
      Return the cookie "Path" attribute, or null if not set.
      java.lang.String getSameSite()
      Return the cookie "SameSite" attribute, or null if not set.
      int hashCode() 
      boolean isHttpOnly()
      Return true if the cookie has the "HttpOnly" attribute.
      boolean isSecure()
      Return true if the cookie has the "Secure" attribute.
      java.lang.String toString() 
      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, notify, notifyAll, wait, wait, wait
    • Method Detail

      • getMaxAge

        public java.time.Duration getMaxAge()
        Return the cookie "Max-Age" attribute in seconds.

        A positive value indicates when the cookie expires relative to the current time. A value of 0 means the cookie should expire immediately. A negative value means no "Max-Age" attribute in which case the cookie is removed when the browser is closed.

      • getDomain

        @Nullable
        public java.lang.String getDomain()
        Return the cookie "Domain" attribute, or null if not set.
      • getPath

        @Nullable
        public java.lang.String getPath()
        Return the cookie "Path" attribute, or null if not set.
      • isSecure

        public boolean isSecure()
        Return true if the cookie has the "Secure" attribute.
      • getSameSite

        @Nullable
        public java.lang.String getSameSite()
        Return the cookie "SameSite" attribute, or null if not set.

        This limits the scope of the cookie such that it will only be attached to same site requests if "Strict" or cross-site requests if "Lax".

        Since:
        5.1
        See Also:
        RFC6265 bis
      • equals

        public boolean equals(java.lang.Object other)
        Overrides:
        equals in class HttpCookie
      • from

        public static ResponseCookie.ResponseCookieBuilder from(java.lang.String name,
                                                                java.lang.String value)
        Factory method to obtain a builder for a server-defined cookie that starts with a name-value pair and may also include attributes.
        Parameters:
        name - the cookie name
        value - the cookie value
        Returns:
        the created cookie instance