Class CookieDefaults

java.lang.Object
com.oorian.security.CookieDefaults

public class CookieDefaults extends Object
Configuration for secure cookie defaults applied to session cookies and application cookies.

When configured via Application.setSecureCookieDefaults(CookieDefaults), session cookies are automatically configured with the specified attributes, and all new OorianCookie instances inherit these defaults.

Default values:

  • HttpOnly: true — prevents JavaScript access to cookies
  • Secure: false — set to true for production (HTTPS-only)
  • SameSite: Lax — withholds cookies from cross-site subrequests and cross-site form POSTs, which mitigates cookie-based CSRF, while still sending them on top-level navigation

Usage:


 // In Application.initialize() — enable with defaults
 setSecureCookieDefaults(new CookieDefaults());

 // Or customize
 CookieDefaults defaults = new CookieDefaults();
 defaults.setSecure(true);
 defaults.setSameSite(CookieDefaults.SameSite.STRICT);
 setSecureCookieDefaults(defaults);
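
To confirm that the configured defaults actually reach the browser, the Set-Cookie headers of a response can be checked for the three attributes this class controls. The following is an added example, not part of Oorian or its documentation; the class SetCookieAudit, its audit method and the sample header values are constructed for illustration, and it uses only the JDK.

```java
import java.util.*;

/** Added example, not Oorian code: audits Set-Cookie header values. */
public class SetCookieAudit {

    /** Returns findings for one Set-Cookie value; an empty list means it passes. */
    static List<String> audit(String setCookie, boolean requireSecure) {
        String[] parts = setCookie.split(";");
        String name = parts[0].split("=", 2)[0].trim();
        // Attribute names are case-insensitive; flags such as HttpOnly carry no value.
        Map<String, String> attrs = new LinkedHashMap<>();
        for (int i = 1; i < parts.length; i++) {
            String[] kv = parts[i].trim().split("=", 2);
            attrs.put(kv[0].trim().toLowerCase(Locale.ROOT), kv.length > 1 ? kv[1].trim() : "");
        }
        List<String> findings = new ArrayList<>();
        if (!attrs.containsKey("httponly")) {
            findings.add(name + ": missing HttpOnly (readable from script)");
        }
        boolean secure = attrs.containsKey("secure");
        if (requireSecure && !secure) {
            findings.add(name + ": missing Secure (may be sent over plain HTTP)");
        }
        String sameSite = attrs.getOrDefault("samesite", "").toLowerCase(Locale.ROOT);
        if (sameSite.isEmpty()) {
            findings.add(name + ": no SameSite attribute (browser default applies)");
        } else if (sameSite.equals("none")) {
            findings.add(name + ": SameSite=None" + (secure ? "" : " without Secure"));
        } else if (!sameSite.equals("lax") && !sameSite.equals("strict")) {
            findings.add(name + ": unrecognised SameSite value '" + sameSite + "'");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample headers; cookie names and values are placeholders.
        String[] samples = {
            "session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
            "session=abc123; Path=/; HttpOnly; SameSite=Lax",
            "prefs=dark; Path=/; SameSite=None",
            "track=1; Path=/; HttpOnly; Secure; SameSite=lax-ish"
        };
        for (String header : samples) {
            List<String> findings = audit(header, true);
            System.out.println(findings.isEmpty() ? "OK    " + header : "FAIL  " + header + " -> " + findings);
        }
    }
}
```

Passing requireSecure as false matches the development default listed above, where Secure is off.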
 
Since:
2.1
Version:
1.0
Author:
Marvin P. Warble Jr.
  • Constructor Details

    • CookieDefaults

      public CookieDefaults()
      Creates a new CookieDefaults instance with secure defaults.
  • Method Details

    • setHttpOnly

      public CookieDefaults setHttpOnly(boolean httpOnly)
      Sets whether cookies should be inaccessible to client-side scripts by default.
      Parameters:
      httpOnly - true to prevent JavaScript access (default), false to allow
      Returns:
      this instance for method chaining
    • setSecure

      public CookieDefaults setSecure(boolean secure)
      Sets whether cookies should only be sent over HTTPS connections by default.
      Parameters:
      secure - true for HTTPS-only cookies (recommended for production), false to allow HTTP (default, suitable for development)
      Returns:
      this instance for method chaining
    • setSameSite

      public CookieDefaults setSameSite(CookieDefaults.SameSite sameSite)
      Sets the default SameSite attribute for cookies.
      Parameters:
      sameSite - the SameSite policy (default: CookieDefaults.SameSite.LAX)
      Returns:
      this instance for method chaining
    • setSameSite

      public CookieDefaults setSameSite(String sameSite)
      Sets the default SameSite attribute for cookies using a raw string.
      Parameters:
      sameSite - the SameSite value string
      Returns:
      this instance for method chaining
    • isHttpOnly

      public boolean isHttpOnly()
      Returns whether HttpOnly is enabled by default.
      Returns:
      true if cookies are HttpOnly by default
    • isSecure

      public boolean isSecure()
      Returns whether the Secure flag is enabled by default.
      Returns:
      true if cookies are Secure by default
    • getSameSite

      public String getSameSite()
      Returns the default SameSite attribute value.
      Returns:
      the SameSite value string