
NAME

Koha::CookieManager - Object for unified handling of cookies in Koha

SYNOPSIS

    use Koha::CookieManager;
    my $mgr = Koha::CookieManager->new;

    # Replace cookies
    $cookie_list = $mgr->replace_in_list( [ $cookie1, $cookie2_old ], $cookie2_new );

    # Clear cookies
    $cookie_list = $mgr->clear_unless( $cookie1, $cookie2, $cookie3_name );

DESCRIPTION

This object lets you remove the cookies on the hardcoded list in this module; 'keep' and 'remove' entries in koha-conf.xml refine that list. Note that a keep entry overrules a remove entry.

This module also offers a method to replace the old version of a cookie with a new one.

The module could be extended by (gradually) routing cookie creation through it, so that cookie parameters such as the httponly, secure and samesite flags are filled in consistently. It could also serve to register all our cookies in a central location.

METHODS

new

    my $mgr = Koha::CookieManager->new({}); # parameters for extensions

clear_unless

    $cookies = $self->clear_unless( $query->cookie, @$cookies );

    Arguments: either cookie names or cookie objects (CGI::Cookie).
    Note: in the example above $query->cookie is a list of cookie names as returned
    by the CGI object.

    Returns an arrayref of cookie objects: empty, expired cookies for
    cookies on the remove list, together with the remaining (untouched)
    cookie objects.

replace_in_list

    $list2 = $mgr->replace_in_list( $list1, $cookie );

    Add $cookie to $list1, removing older occurrences in list1.
    $list1 is a list of CGI::Cookie objects.
    $cookie must be a CGI::Cookie object; if it is not, only
    cookie objects in list1 are returned (filtering list1).

    Returns an arrayref of CGI::Cookie objects.

ADDITIONAL COMMENTS

    How do the keep or remove lines in koha-conf.xml work?

    <do_not_remove_cookie>some_cookie</do_not_remove_cookie>
    The name some_cookie should refer here to a cookie that is on the
    hardcoded list in this module. If you do not want it to be cleared
    (removed) on logout, include this line.
    You might want to do this e.g. for KohaOpacLanguage.

    <remove_cookie>another_cookie</remove_cookie>
    The name another_cookie refers here to a cookie that is not on the
    hardcoded list but you want this cookie to be cleared/removed on logout.
    It could be a custom cookie.

    Note that both directives use the cookie name as a prefix. So if you
    add a remove line for cookie1, it also affects cookie12, etc.
    Since a keep line overrules a remove line, this allows you to add
    lines for removing cookie1 and not removing cookie12 in order to
    remove cookie1, cookie11, cookie13 but not cookie12, etc.
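
The prefix and keep-over-remove rules described above can be checked against a planned set of koha-conf.xml entries with a small stand-alone model. This is an added example, not code from Koha::CookieManager: the helper names, the sample hardcoded list and the cookie names are constructed, and treating hardcoded names as prefixes is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data (assumptions, not the module's real hardcoded list).
my @hardcoded = qw( KohaOpacLanguage sample_session );
my @remove    = qw( cookie1 );                      # <remove_cookie> entries
my @keep      = qw( cookie12 KohaOpacLanguage );    # <do_not_remove_cookie> entries

# True when $name starts with one of the prefixes. Empty entries are skipped,
# because an empty prefix would match every cookie name.
sub has_prefix {
    my ( $name, @prefixes ) = @_;
    return scalar grep { length($_) && index( $name, $_ ) == 0 } @prefixes;
}

# Documented rule: cleared when a remove prefix matches, unless a keep prefix
# also matches. Treating hardcoded names as prefixes is an assumption here.
sub cleared_on_logout {
    my ($name) = @_;
    return 0 if has_prefix( $name, @keep );
    return has_prefix( $name, @hardcoded, @remove ) ? 1 : 0;
}

# For each keep entry, list other cookies it shields from removal through
# prefix matching, so an overly short keep entry is easy to spot.
sub keep_collateral {
    my (@names) = @_;
    my %shielded;
    for my $k (@keep) {
        my @extra = grep {
            $_ ne $k && has_prefix( $_, $k ) && has_prefix( $_, @hardcoded, @remove )
        } @names;
        $shielded{$k} = \@extra if @extra;
    }
    return \%shielded;
}

# Constructed cookie names as a browser might send them.
my @seen = qw( cookie1 cookie11 cookie12 cookie123 cookie13
               KohaOpacLanguage sample_session other );
printf "%-18s %s\n", $_, ( cleared_on_logout($_) ? 'cleared' : 'kept' ) for @seen;

my $collateral = keep_collateral(@seen);
print "keep '$_' also shields: @{ $collateral->{$_} }\n" for sort keys %$collateral;
```

In this model cookie123 survives logout only because the keep entry cookie12 is a prefix of it, which is the side effect to look for before adding a keep line.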
