CookieManager is http middleware middlewares which defines IoC and Request attribute for CookieQueue class which is used as bucket for all cookies created in a such scope:
middleware invoke (request, response, next)
queue = new queue
request = request with decoded cookies
container share queue
response = next (request, response)
response = response with encrypted cookies from queue
container release queue
return response
By default CookieManager middleware already mounted in http config (run on every request), this gives you ability to access cookie queue inside your controllers using either dependency or shortcut "cookies":
public function indexAction(CookieQueue $cookies)
{
$cookies->set('hello', 'wold');
$this->cookies->set('abc', 'value');
}
Attention, CookieQueue is not the same as request cookies:
dump($this->input->cookies);
CookieManager can be configured using HttpConfig section:
'cookies' => [
//Default cookie domain (null - no header value)
'domain' => null,
//Cookie protection method
'method' => Http\Configs\HttpConfig::COOKIE_HMAC,
//Cookies excluded from encryption
'excluded' => [
/*{{cookies.excluded}}*/
]
],
hash_hmac (sha256) (EncrypterInterface key [~?])When cookie manager meets value which can not be decoded it will replace it with null.
If your application creates set of cookies which should not be protected/encrypter (for example to exchange data with SPA) simply list name of such cookie in section 'excluded'.