Skip to main content

Cookies

To add cookie support to your Ring handler, you'll need to wrap it in the wrap-cookies middleware:

(use 'ring.middleware.cookies)
(def app
  (wrap-cookies your-handler))

This adds the :cookies key to the request map, which will contain a map of cookies looking something like this:

{"session_id" {:value "session-id-hash"}}

To set a cookie, you add a :cookies key to the response map:

{:status 200
 :headers {}
 :cookies {"session_id" {:value "session-id-hash"}}
 :body "Setting a cookie."}

As well as setting the value of the cookie, you can also set additional attributes:

  • :domain - restrict the cookie to a specific domain
  • :path - restrict the cookie to a specific path
  • :secure - restrict the cookie to HTTPS URLs if true
  • :http-only - restrict the cookie to HTTP if true (not accessible via e.g. JavaScript)
  • :max-age - the number of seconds until the cookie expires
  • :expires - a specific date and time the cookie expires
  • :same-site - Specify :strict,:lax, or :none to determine whether cookies should be sent with cross-site requests

So if you wanted to have a secure cookie that expires in one hour, you'd use:

{"secret" {:value "foobar", :secure true, :max-age 3600}}

Next Page - Sessions