SetCookieBuilder

[Source]

Build a validated Set-Cookie response header with secure defaults.

Defaults: Secure=true, HttpOnly=true, SameSite=Lax. These defaults follow current security best practices — override them explicitly when needed.

All with_* methods return this for chaining:

match SetCookieBuilder("session", token)
  .with_path("/")
  .with_max_age(3600)
  .build()
| let sc: SetCookie val =>
  // Use sc.header_value() with ResponseBuilder
| let err: SetCookieBuildError =>
  // Handle validation error
end

build() validates the name, value, path, and domain, checks prefix rules (__Host-, __Secure-), and verifies SameSite=None + Secure consistency. Returns SetCookie val on success or SetCookieBuildError on failure.

class ref SetCookieBuilder

Constructors

create

[Source]

Create a builder for a Set-Cookie header with the given name and value.

Defaults to Secure, HttpOnly, and SameSite=Lax.

new ref create(
  name: String val,
  value: String val)
: SetCookieBuilder ref^

Parameters

• name: String val
• value: String val

Returns

• SetCookieBuilder ref^

---

Public Functions

with_path

[Source]

Set the Path attribute.

fun ref with_path(
  path: String val)
: SetCookieBuilder ref

Parameters

• path: String val

Returns

• SetCookieBuilder ref

---

with_domain

[Source]

Set the Domain attribute.

fun ref with_domain(
  domain: String val)
: SetCookieBuilder ref

Parameters

• domain: String val

Returns

• SetCookieBuilder ref

---

with_max_age

[Source]

Set the Max-Age attribute in seconds.

fun ref with_max_age(
  seconds: I64 val)
: SetCookieBuilder ref

Parameters

• seconds: I64 val

Returns

• SetCookieBuilder ref

---

with_expires

[Source]

Set the Expires attribute from epoch seconds.

fun ref with_expires(
  epoch_seconds: I64 val)
: SetCookieBuilder ref

Parameters

• epoch_seconds: I64 val

Returns

• SetCookieBuilder ref

---

with_secure

[Source]

Set or clear the Secure attribute.

fun ref with_secure(
  secure': Bool val = true)
: SetCookieBuilder ref

Parameters

• secure': Bool val = true

Returns

• SetCookieBuilder ref

---

with_http_only

[Source]

Set or clear the HttpOnly attribute.

fun ref with_http_only(
  http_only': Bool val = true)
: SetCookieBuilder ref

Parameters

• http_only': Bool val = true

Returns

• SetCookieBuilder ref

---

with_same_site

[Source]

Set the SameSite attribute.

Pass a SameSite value to emit the attribute, or Pony's None to omit it entirely. Note that SameSiteNone emits SameSite=None (which requires Secure), while Pony's None omits the attribute.

fun ref with_same_site(
  same_site: (((SameSiteStrict val | SameSiteLax val | SameSiteNone val) & _SameSite val) | None val))
: SetCookieBuilder ref

Parameters

• same_site: (((SameSiteStrict val | SameSiteLax val | SameSiteNone val) & _SameSite val) | None val)

Returns

• SetCookieBuilder ref

---

build

[Source]

Validate and serialize the Set-Cookie header.

Returns SetCookie val on success. Returns a SetCookieBuildError describing the first validation failure: - InvalidCookieName — name is not an RFC 2616 token - InvalidCookieValue — value contains non-cookie-octets - InvalidCookiePath — path contains CTLs or semicolons - InvalidCookieDomain — domain contains CTLs or semicolons - CookiePrefixViolation — __Host-/__Secure- prefix constraints not met - SameSiteRequiresSecure — SameSite=None without Secure

fun box build()
: (SetCookie val | ((InvalidCookieName val | InvalidCookieValue val | InvalidCookiePath val | 
    InvalidCookieDomain val | CookiePrefixViolation val | SameSiteRequiresSecure val) & _SetCookieBuildError val))

Returns

• (SetCookie val | ((InvalidCookieName val | InvalidCookieValue val | InvalidCookiePath val | InvalidCookieDomain val | CookiePrefixViolation val | SameSiteRequiresSecure val) & _SetCookieBuildError val))

---