This class controls if/how IntraWeb generates cookies which are used in session management. The ServerController creates an instance of TIWBackButtonOptions, used internally.
Unit
IWServerControllerBase
Class hierarchy
TPersistent -> TIWSessionCookieOptions
Properties
SessionCookies: Boolean; [Published, Read/Write]
First, lets make clear the context. "Session" in SessionCookies means HTTP session, not IntraWeb user session. HTTP session cookies have a very specific meaning, i.e. they are not persistent cookies. SessionCookies are deleted when the client shuts down. This means that when the browser closes, all session cookies are also destroyed. Please notice that only closing the browser tab won't destroy session cookies.
When True, IntraWeb will generate code to create HTTP session cookies on the browser side. When False, IntraWeb will create normal cookies which will persist even when the user closes the browser (please notice that UseCookies property must be True in either case).
CookieNameSuffix: string; [Published, Read/Write]
Any string to be used as a suffix for the cookie name. This is optional.
UseCookies: Boolean; [Published, Read/Write]
When True, IntraWeb will use cookies to do all the session management, on the browser side. When SessionCookies is False, the cookies will be persistent, i.e. even if you close and reopen the browser, the cookie will be preserved. On the other hand, when UseCookies is True and SessionCookies is also True, IntraWeb will create HTTP session cookies which are not persistent, meaning that the session will be lost, on the browser side, when the browser is closed.
Secure: Boolean; [Published, Read/Write]
When True, IntraWeb will create secure cookies. A secure cookie will only be sent to the server when a request is made using SSL and the HTTPS protocol. Read more about it here.
HttpOnly: Boolean; [Published, Read/Write]
When True, IntraWeb will create Http-only cookies. HTTP-only cookies aren't accessible via JavaScript through Document.cookie property. Read more about it here.
SameSite: TIWCookieSameSiteOption; [Published, Read/Write]
Possible values are ssoNone, ssoLax, ssoStrict.
Same-site allows servers to assert that a cookie ought not to be sent along with cross-site requests, which provides some protection against cross-site request forgery attacks (CSRF). Read more about it here.
Methods
Create [Public]
Declaration: constructor Create(AServerControllerBase: TIWServerControllerBase); virtual;
Description: Constructs an instance of the class TIWSessionCookieOptions and initializes its data.
Parameters:
- AServerControllerBase (TIWServerControllerBase): TIWServerController instance
Assign [Public]
Declaration: procedure Assign(ASource: TPersistent); override;
Description: Copies properties values from another TIWSessionCookieOptions instance or TPersistent descendant.
Parameters:
- ASource (TPersistent): [param description]
|