Hello Simense,
I just set in homepage procedure using mezzio framework like this:

FigRequestCookies::set($request, Cookie::create('theme', 'blue'));

the page loading normally but there is no cookie in headers tab.
please advice.
Thank you,
-alfin-

Hi,
would be greate to have some tutorials or links on how to use this in combination with Slim 3. Their upgrade guide refers to this archive, but I can't find a single tutorial on how to properly implement it with Slim.
Cheers and thanks, Steff

Maybe I'm doing something wrong. Set the Cookie according to the instructions. If you check the Cookie's value to the line below - it turns out that the cookie is set. If you refresh the page then the cookie is null. Could You give a short working manual for Slim?..

Hi,

I cannot really understand why the only cookie you would want to get would not be just a request cookie, and the only cookie to set, be a response cookie. Is there a reason for this allowing of injecting cookies into a request, and retrieving cookies before they are sent with a response? If so, could you highlight the benefit of getting a cookie from a response before it is sent, or the benefit or use-case for injecting a cookie into a request?

It's an amazing lib, produces incredibly readable code compared with PHP native cookie functions, so I get that it improves code from that perspective; and I found it because @silentworks mentioned this as working with Slim3; which has, or is working towards full PSR7 compliant request response.

Thanks for your time, and for writing the lib, and TIA for any explanation around the injecting to a request, and reading from a response before it has been dispatched.

There is an issue in splitCookiePair where malformed pair is given without =, the result is a call on urldecode with first parameter as NULL.

Example code:

<?php

declare(strict_types=1);

namespace Dflydev\FigCookies;

use function array_filter;
use function assert;
use function explode;
use function is_array;
use function preg_split;
use function urldecode;

class StringUtil
{
    /** @return string[] */
    public static function splitOnAttributeDelimiter(string $string) : array
    {
        $splitAttributes = preg_split('@\s*[;]\s*@', $string);

        assert(is_array($splitAttributes));

        return array_filter($splitAttributes);
    }

    /** @return string[] */
    public static function splitCookiePair(string $string) : array
    {
        $pairParts    = explode('=', $string, 2);
        $pairParts[1] = urldecode($pairParts[1]) ?? '';

        return $pairParts;
    }
}

var_dump(StringUtil::splitCookiePair('cookie=value'));
var_dump(StringUtil::splitCookiePair('cookie='));
var_dump(StringUtil::splitCookiePair('cookie')); // urldecode() expects parameter 1 to be string, null given

While the cookie string is malformed if = is missing before ;, the code should definitely not fail catastrophically in this case.

If i set withPath method, i cannot remove or modify cookie any way.

This code sets a cookie that I can delete:
$setCookie = SetCookie::create('auth')->withValue('1'); $response = FigResponseCookies::set($response, $setCookie);

but this code set cookie that i cannot remove (expire) and modify in Safari and Chrome (other browsers not verified)
$setCookie = SetCookie::create('auth')->withValue('1')->withPath('/'); $response = FigResponseCookies::set($response, $setCookie);

What could it be?.. And how can I fix it?..

Is this normal? None of the methods actually generates a cookie file. I think that I'm not sure how this works, could somebody explain?

Docs added in #11 reference a method called forget, the code in #10 adds method called expire.

As far as I can see there is no forget method, and docs need updating to use expire.

I can see that SameSite=None has been added in #36 but there is no release since merge.

It is blocking release of: mezzio/mezzio-swoole#4

I'm writing a proxy script where I have a middleware to alter the domain param of cookies.

The problem is that the urlencode and urldecode calls are altering the cookie name and value sent by the upstream server (which is out of my control).

Maybe an option could be added to work with raw data. What do you think?

The expires/max age for the cookie is

2022-02-25T03:18:25.063Z

$setCookie = SetCookie::create('lu2')
			->withValue('aaaa')
			->withExpires(new \DateTime('+5 years'))
			->withMaxAge(500)
			->rememberForever()
			->withPath('/')
			->withDomain('192.168.1.13')
			->withSecure(false)
			->withHttpOnly(true)
			->withSameSite(SameSite::lax());
		echo $setCookie;
		$response = FigResponseCookies::set($response, $setCookie);
		return $response->withStatus(201)
			->withHeader("Content-Type", "application/json")
			->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));

I really like this implementation, but I feel when using something like a Pimple container, it is a little complex to use.

What would make this really user friendly would be if FigRequestCookies and FigResponseCookies had an all method each that did the same as Cookies::fromRequest and Cookies::fromResponse

What do you think?

Hello,

One of the libraries I depend on has a dependency on this package. So while trying to upgrade to PHP8 I saw this package is not compatible.

Is there any plan to add support for PHP 8? If not, I can do it. Would you be interested merging that?

As far as I see it's relatively easy upgrade. Only problem I see is tests using prophesize which is deprecated in PHPUnit 9. https://github.com/phpspec/prophecy-phpunit is recommended but that requires min. PHP 7.3 So I don't know any what to do in that case, but open to discussion.

FigResponseCookies::forget - method does not exists! Are you mean `FigResponseCookies::expire?

SetCookie::expire() does not work for response cookies because browsers expect a "Domain" part in the Set-Cookie header when expiring a cookie.

I have tested it with Firefox 49.0.1 and Chrome 53.0.2785.143 and both behave in the same (standard?) way: the minimum requirement for expiring and flushing a cookie is to have the cookie name, the "Expires" part in the past AND also a "Domain" part in the Set-Cookie header.

I could not really make a patch for this, since in response cookies no domain information is present. Any suggestion how to fix it in a canonical way?

Hello,

I'm trying to understand how FigRequestCookies::get() works.
By looking at the code, I noticed that it is not using ServerRequesInterface::getCookieParams() .

Is there anyone who could explain that?

Basically, what are the differences between:

$cookie = FigRequestCookies::get($request, 'foo');

vs

$cookie = $request->getCookieParams()['foo'];

Thank you.

The CHANGELOG.md file only lists version 2.0.0 and no later ones.

It especially does not list any breaking changes in version 3.0.0, so it is impossible for projects to see what they need to do when switching to version 3.

I want to be able to store an array of ID's to their cookies. I figured the easiest way is to json_encode the array of save IDs. Code below:

$app->get('/save/{id: [0-9]+}', function($request, $response, $args) {

  // Check if cookie exists
  $cookie = FigRequestCookies::get($request, 'saves');

  if($cookie->getValue() !== "null") {

    // Convert old cookie JSON array to PHP array
    $saves = json_decode($cookie->getValue(), true);

    // Push new save ID onto array
    array_push($saves, $args['id']);

    // Modify cookie
    $response = FigResponseCookies::modify($response, 'saves', function(SetCookie $setCookie) use ($saves)  {
      return $setCookie->withValue(json_encode($saves));
    });
  }
  else {

    // No cookie found set one
    $setCookie = SetCookie::create('saves')
      ->withValue(json_encode([ $args['id'] ]))
      ->rememberForever()
      ->withPath('/')
      ->withDomain('.localhost');

    $response = FigResponseCookies::set($response, $setCookie);
  }

  // Return user to save area
  return $this->view->render($response, 'saves.php');
});

My problem is the array only ever gets two values regardless of how many times I save a page. If I visit the following pages ...

http://example.com/save/22
http://example.com/save/32
http://example.com/save/18

... the array of $saves is only ever set to:

[22, 18]

If I save another page:

http://example.com/save/9

... the array is:

[22, 9]

Not sure what's going on here.

As far as I understand, SetCookie::__construct only takes name and value. If I want to create a cookie with expire, domain, path, etc. I have to chain a bunch of ->withDomain, ->withPath, and so on.

Would it make sense to have SetCookie accept everything (domain, path, expires, etc.) in the constructor as optional arguments, much like PHP's native setcookie method? It would make instantiation much less verbose, and also avoid cloning and throwing away objects.

If it makes sense I can work on a PR for this.

Currently the library uses urlencode/urldecode. Could you change it to use rawurlencode/rawurldecode so it encodes spaces as %20 and not +? Since 7.4.3 PHP uses %20 and it would be more consistent with it's setcookie function and $_COOKIE doesn't decode the +. I need to set a cookie that is compatible with that.

I'm facing issue, my code is below

namespace Cookies;
use Dflydev\FigCookies\FigResponseCookies;
use Dflydev\FigCookies\FigRequestCookies;
use Dflydev\FigCookies\Cookie;
use Dflydev\FigCookies\SetCookie;

class Cookies

{
    protected $req;
    protected $res;

    public function __construct($req, $res)
    {
        $this->req = $req;
        $this->res = $res;
    }

    function get($name)
    {
        $response = $this->res;
        $request = $this->req;
        return FigRequestCookies::get($request, 'theme');
    }

    function set($name, $value = "", $expire = 0)
    {
        $response = $this->res;
        $request = $this->req;
        $request = FigRequestCookies::set($request, Cookie::create('theme', 'blue'));
    }
}

When I call get cookies, this returns theme= I'm going to die, if this will not solve

I've try set with response too, but same

Within my swoole psr7/psr15 adapter i need todo a dirty hack to get the plain value of the SameSite: chubbyphp/chubbyphp-swoole-request-handler@526abba#diff-edf14cd8ca187660e2dce52b4b9fd1aeR51 would be cool to have something as getValue.

Hi, i am using Slim 3 and i have a small issue here, the problem is when i use a middleware to retrieve a specific cookie, it returns an empty cookie but when i use the same method and class with a controller, it retrieves the same cookie without issue. I am using it to retrieve JWT package cookie, i am using a shared class that i inject into the container, which means the code refusing to work when called by a middleware is the same that works when called by a controller.

$jwtPackage = FigRequestCookies::get($request, $authenticationTokenCookieName)->getValue();

Please note i have not injected the dflydev-fig-cookies library into slim 3 containers and am also new to slim. Thanks.

When setting max-age parameter to zero (0), the cookie is set as session cookie instead of removal. The package treats zero value of max-age as it's not set. But according to RFC-6265 zero value should remove cookie as well as negative value. Here's a quote of the section "5.2.2. The Max-Age Attribute":

If delta-seconds is less than or equal to zero (0), let expiry-time be the earliest representable date and time. Otherwise, let the expiry-time be the current date and time plus delta-seconds seconds.

The workaround of this bug is to use negative values. I can make pull-request if needed.

I create two cookies with the same name but for different path.
one for "/" and one for "/admin".
When I read out the cookie in the "/" path or "/admin" I always get the same.
When I use the PHP $_COOKIE variable I get the correct cookie for the correct path,.