Record Class Cookie

java.lang.Object
java.lang.Record
de.cuioss.http.security.data.Cookie
Record Components:
name - The cookie name (e.g., "JSESSIONID", "auth_token")
value - The cookie value (e.g., session ID, authentication token)
attributes - Cookie attributes string (e.g., "Domain=example.com; Secure; HttpOnly")

public record Cookie(@Nullable String name, @Nullable String value, @Nullable String attributes) extends Record
Immutable record representing an HTTP cookie with name, value, and attributes.

This record encapsulates the structure of HTTP cookies as defined in RFC 6265, providing a type-safe way to handle cookie data in HTTP security validation.

Design Principles

  • Immutability - All fields are final and the record cannot be modified
  • RFC Compliance - Follows HTTP cookie specifications
  • Security Focus - Designed with security validation in mind
  • Flexibility - Supports various cookie attribute formats

Usage Examples

 // Simple cookie
 Cookie sessionCookie = new Cookie("JSESSIONID", "ABC123", "");

 // Cookie with attributes
 Cookie secureCookie = new Cookie(
     "auth_token",
     "xyz789",
     "Domain=example.com; Path=/; Secure; HttpOnly"
 );

 // Access components
 String name = sessionCookie.name();         // "JSESSIONID"
 String value = sessionCookie.value();       // "ABC123"
 String attrs = secureCookie.attributes();   // "Domain=example.com; Path=/; Secure; HttpOnly"

 // Check for security attributes
 boolean isSecure = secureCookie.isSecure();       // true: attributes contain "Secure"
 boolean isHttpOnly = secureCookie.isHttpOnly();   // true: attributes contain "HttpOnly"

 // Use in validation (validator is an already-configured validator instance, not shown here)
 validator.validate(secureCookie.name(), ValidationType.COOKIE_NAME);
 validator.validate(secureCookie.value(), ValidationType.COOKIE_VALUE);
 

The attributes field contains the semicolon-separated list of cookie attributes such as Domain, Path, Secure, HttpOnly, SameSite, and Max-Age. This field can be an empty string if no attributes are present.

Security Considerations

This record is a simple data container. Security validation should be applied to the name, value, and attributes components separately using appropriate validators.
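
One way to apply separate validation to the attributes component, shown as an added example that is not part of this library: the class `CookieAttributeAudit` and its `parse` and `audit` methods are hypothetical helpers that take the string returned by `attributes()` and match attribute names as whole tokens, so a word such as "secure" inside a Path value is not counted as the Secure flag.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/** Added example (hypothetical helper): token-exact audit of a cookie attributes string. */
public class CookieAttributeAudit {

    /** Splits "Domain=example.com; Secure" into lower-cased name -> value; flags map to "". */
    static Map<String, String> parse(String attributes) {
        Map<String, String> parsed = new LinkedHashMap<>();
        if (attributes == null) return parsed;
        for (String part : attributes.split(";")) {
            String token = part.trim();
            if (token.isEmpty()) continue;
            int eq = token.indexOf('=');
            String name = (eq < 0 ? token : token.substring(0, eq)).trim().toLowerCase(Locale.ROOT);
            String value = eq < 0 ? "" : token.substring(eq + 1).trim();
            parsed.put(name, value); // RFC 6265: the last occurrence of an attribute wins
        }
        return parsed;
    }

    /** Returns policy findings for one attributes string; an empty list means it passed. */
    static List<String> audit(String attributes) {
        Map<String, String> attrs = parse(attributes);
        List<String> findings = new ArrayList<>();
        if (!attrs.containsKey("secure")) findings.add("missing Secure");
        if (!attrs.containsKey("httponly")) findings.add("missing HttpOnly");
        String sameSite = attrs.getOrDefault("samesite", "").toLowerCase(Locale.ROOT);
        if (!attrs.containsKey("samesite")) findings.add("missing SameSite");
        else if (!List.of("strict", "lax", "none").contains(sameSite)) findings.add("unrecognised SameSite value");
        else if (sameSite.equals("none") && !attrs.containsKey("secure")) findings.add("SameSite=None without Secure");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, standing in for values returned by Cookie.attributes()
        String[] samples = {
            "Domain=example.com; Path=/; Secure; HttpOnly; SameSite=Strict",
            "Path=/secure-area; SameSite=None", // "secure" occurs only inside the Path value
            ""
        };
        for (String s : samples) System.out.println("\"" + s + "\" -> " + audit(s));
    }
}
```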

Implements: Task B3 from HTTP verification specification
Since:
1.0
  • Constructor Details

    • Cookie

      public Cookie(@Nullable String name, @Nullable String value, @Nullable String attributes)
      Creates an instance of a Cookie record class.
      Parameters:
      name - the value for the name record component
      value - the value for the value record component
      attributes - the value for the attributes record component
  • Method Details

    • simple

      public static Cookie simple(String name, String value)
      Creates a simple cookie with no attributes.
      Parameters:
      name - The cookie name
      value - The cookie value
      Returns:
      A Cookie with no attributes
    • hasName

      public boolean hasName()
      Checks if this cookie has a non-null, non-empty name.
      Returns:
      true if the name is not null and not empty
    • hasValue

      public boolean hasValue()
      Checks if this cookie has a non-null, non-empty value.
      Returns:
      true if the value is not null and not empty
    • hasAttributes

      public boolean hasAttributes()
      Checks if this cookie has any attributes.
      Returns:
      true if the attributes string is not null and not empty
    • isSecure

      public boolean isSecure()
      Checks if the cookie has the Secure attribute.
      Returns:
      true if the attributes contain "Secure"
    • isHttpOnly

      public boolean isHttpOnly()
      Checks if the cookie has the HttpOnly attribute.
      Returns:
      true if the attributes contain "HttpOnly"
    • getDomain

      Extracts the Domain attribute value if present.
      Returns:
      The domain value wrapped in Optional, or empty if not specified
    • getPath

      public Optional<String> getPath()
      Extracts the Path attribute value if present.
      Returns:
      The path value wrapped in Optional, or empty if not specified
    • getSameSite

      Extracts the SameSite attribute value if present.
      Returns:
      The SameSite value (e.g., "Strict", "Lax", "None") wrapped in Optional, or empty if not specified
    • getMaxAge

      Extracts the Max-Age attribute value if present.
      Returns:
      The Max-Age value as a string wrapped in Optional, or empty if not specified
    • getAttributeNames

      Returns all attribute names present in this cookie.
      Returns:
      A list of attribute names (may be empty)
    • nameOrDefault

      public String nameOrDefault(String defaultName)
    • valueOrDefault

      public String valueOrDefault(String defaultValue)
    • toCookieString

      Returns a string representation suitable for HTTP Set-Cookie headers. Note: This does not perform proper HTTP encoding - use appropriate encoding utilities for actual HTTP header generation.
      Returns:
      A string in the format "name=value; attributes"
    • withName

      public Cookie withName(String newName)
      Returns a copy of this cookie with a new name.
      Parameters:
      newName - The new cookie name
      Returns:
      A new Cookie with the specified name and same value/attributes
    • withValue

      public Cookie withValue(String newValue)
      Returns a copy of this cookie with a new value.
      Parameters:
      newValue - The new cookie value
      Returns:
      A new Cookie with the same name/attributes and specified value
    • withAttributes

      public Cookie withAttributes(String newAttributes)
      Returns a copy of this cookie with new attributes.
      Parameters:
      newAttributes - The new attributes string
      Returns:
      A new Cookie with the same name/value and specified attributes
    • toString

      public final String toString()
      Returns a string representation of this record class. The representation contains the name of the class, followed by the name and value of each of the record components.
      Specified by:
      toString in class Record
      Returns:
      a string representation of this object
    • hashCode

      public final int hashCode()
      Returns a hash code value for this object. The value is derived from the hash code of each of the record components.
      Specified by:
      hashCode in class Record
      Returns:
      a hash code value for this object
    • equals

      public final boolean equals(Object o)
      Indicates whether some other object is "equal to" this one. The objects are equal if the other object is of the same class and if all the record components are equal. All components in this record class are compared with Objects::equals(Object,Object).
      Specified by:
      equals in class Record
      Parameters:
      o - the object with which to compare
      Returns:
      true if this object is the same as the o argument; false otherwise.
    • name

      public @Nullable String name()
      Returns the value of the name record component.
      Returns:
      the value of the name record component
    • value

      public @Nullable String value()
      Returns the value of the value record component.
      Returns:
      the value of the value record component
    • attributes

      public @Nullable String attributes()
      Returns the value of the attributes record component.
      Returns:
      the value of the attributes record component