Cookie#
- class Cookie(**kwargs)#
Implements HTTP cookies, as described by RFC 6265.
To have a Session handle cookies for your appliction
automatically, use a CookieJar.
name and value will be set for all cookies. If the cookie is
generated from a string that appears to have no name, then name
will be the empty string.
domain and path give the host or domain, and path within that
host/domain, to restrict this cookie to. If domain starts with
“.”, that indicates a domain (which matches the string after the
“.”, or any hostname that has domain as a suffix). Otherwise, it
is a hostname and must match exactly.
expires will be non-None if the cookie uses either the original
“expires” attribute, or the newer “max-age” attribute. If expires
is None, it indicates that neither “expires” nor “max-age” was
specified, and the cookie expires at the end of the session.
If http_only is set, the cookie should not be exposed to untrusted
code (eg, javascript), so as to minimize the danger posed by
cross-site scripting attacks.
Constructors#
- class Cookie
- classmethod new(name: str, value: str, domain: str, path: str, max_age: int) → Cookie#
Creates a new
Cookiewith the given attributes.Use
set_secureandset_http_onlyif you need to set those attributes on the returned cookie.If
domainstarts with “.”, that indicates a domain (which matches the string after the “.”, or any hostname that hasdomainas a suffix). Otherwise, it is a hostname and must match exactly.max_ageis used to set the “expires” attribute on the cookie; pass -1 to not include the attribute (indicating that the cookie expires with the current session), 0 for an already-expired cookie, or a lifetime in seconds. You can use the constantsCOOKIE_MAX_AGE_ONE_HOUR,COOKIE_MAX_AGE_ONE_DAY,COOKIE_MAX_AGE_ONE_WEEKandCOOKIE_MAX_AGE_ONE_YEAR(or multiples thereof) to calculate this value. (If you really care about setting the exact time that the cookie will expire, useset_expires.)As of version 3.4.0 the default value of a cookie’s same-site-policy is
LAX.- Parameters:
name – cookie name
value – cookie value
domain – cookie domain or hostname
path – cookie path, or
Nonemax_age – max age of the cookie, or -1 for a session cookie
Methods#
- class Cookie
- applies_to_uri(uri: Uri) → bool#
Tests if
cookieshould be sent touri.(At the moment, this does not check that
cookie's domain matchesuri, because it assumes that the caller has already done that. But don’t rely on that; it may change in the future.)- Parameters:
uri – a
Uri
- domain_matches(host: str) → bool#
Checks if the
cookie's domain andhostmatch.The domains match if
cookieshould be sent when making a request tohost, or thatcookieshould be accepted when receiving a response fromhost.- Parameters:
host – a URI
- equal(cookie2: Cookie) → bool#
Tests if
cookie1andcookie2are equal.Note that currently, this does not check that the cookie domains match. This may change in the future.
- Parameters:
cookie2 – a
Cookie
- get_same_site_policy() → SameSitePolicy#
Returns the same-site policy for this cookie.
- classmethod parse(origin: Uri | None = None) → Cookie | None#
Parses
headerand returns aCookie.If
headercontains multiple cookies, only the first one will be parsed.If
headerdoes not have “path” or “domain” attributes, they will be defaulted fromorigin. IforiginisNone, path will default to “/”, but domain will be left asNone. Note that this is not a valid state for aCookie, and you will need to fill in some appropriate string for the domain if you want to actually make use of the cookie.As of version 3.4.0 the default value of a cookie’s same-site-policy is
LAX.- Parameters:
origin – origin of the cookie
- set_expires(expires: DateTime) → None#
Sets
cookie's expiration time toexpires.If
expiresisNone,cookiewill be a session cookie and will expire at the end of the client’s session.(This sets the same property as
set_max_age.)- Parameters:
expires – the new expiration time, or
None
- set_http_only(http_only: bool) → None#
Sets
cookie's HttpOnly attribute tohttp_only.If
True,cookiewill be marked as “http only”, meaning it should not be exposed to web page scripts or other untrusted code.- Parameters:
http_only – the new value for the HttpOnly attribute
- set_max_age(max_age: int) → None#
Sets
cookie's max age tomax_age.If
max_ageis -1, the cookie is a session cookie, and will expire at the end of the client’s session. Otherwise, it is the number of seconds until the cookie expires. You can use the constantsCOOKIE_MAX_AGE_ONE_HOUR,COOKIE_MAX_AGE_ONE_DAY,COOKIE_MAX_AGE_ONE_WEEKandCOOKIE_MAX_AGE_ONE_YEAR(or multiples thereof) to calculate this value. (A value of 0 indicates that the cookie should be considered already-expired.)This sets the same property as
set_expires.- Parameters:
max_age – the new max age
- set_same_site_policy(policy: SameSitePolicy) → None#
When used in conjunction with
get_cookie_list_with_same_site_infothis sets the policy of when this cookie should be exposed.- Parameters:
policy – a
SameSitePolicy
- set_secure(secure: bool) → None#
Sets
cookie's secure attribute tosecure.If
True,cookiewill only be transmitted from the client to the server over secure (https) connections.- Parameters:
secure – the new value for the secure attribute