I am having some problem figuring out how to remove cookies.

Cause you need to have the cookie in order to remove it, which to me is weird as i would expect to remove it by it's name. But if you get the cookie beforehand you can't use that cookie to remove it cause of lifetime issues. Are you supposed to just create a dummy cookie like in the Counter example?

    async fn handler(Extension(cookies): Extension<Cookies>) {
        let key = KEY.get().unwrap();
        let private_cookies = cookies.signed(key);
        cookies.remove(Cookie::new(COOKIE_NAME, ""));
    }

See tokio-rs/axum#695

Hi, when using the flash crate in axum, we also have to use the crate tower_cookies too for cookie management. As such, the session example in the axum repo will not work(I remember reading somewhere that tower_cookies kinda override any cookies made by other means?).

Right now, I have no idea how to get current cookies while inside axum FromRequest implementation. When I do a cookies.list()) in the FromRequest implementation, it shows an Empty list even though there are 2 cookies that were created upon the user logging in(I can see them correctly in the browser.)

Having an example of session using tower-cookies would be much appreciated :)

For implementing axum-flash I needed signed cookies to make sure third parties hadn't tampered with them. I did that like so this:

• Creating a temporary cookie::CookieJar and a signed child jar
• Putting a cookie into it
• Reading the cookie again to get the now signed value
• Writing that to tower_cookies::Cookies

For reading the value I did same but in reverse.

Would be nice if tower-cookies provided a more ergonomic way to do this. Perhaps adding methods similar to those found on cookies::CookieJar to create signed jars, ie CookieJar::signed and CookieJar::signed_mut.

By the way thanks for tower-cookies. Its really nice 😊

Hi! This is for inspiration, not for merging — axum 0.6 isn't stable yet, I just needed tower-cookies to work with it and thought y'all might be curious to look at what changes will be needed once 0.6 is stable.

Before this commit, the Key that's passed to Cookies::signed() or Cookies::private() is forced to have a static lifetime, because the returned Cookie gets self's lifetime as its lifetime parameter. Fix this by using 'static lifetime instead.

This makes it possible e.g. to store Key in an axum Extension layer instead of a global Cell.

Should change the value to login String and password String, but nothing happens.

async fn register_new_account(
    Form(new_account): Form<Account>,
    Extension(pool): Extension<PgPool>,
    cookie: Cookies,
) -> impl IntoResponse {
    sqlx::query!(
        "INSERT INTO accounts (login, password) VALUES ($1, $2)",
        new_account.login,
        new_account.password
    )
    .execute(&pool)
    .await
    .unwrap();

    println!("SUS! {} | {}", new_account.login, new_account.password);
    cookie.get("login").unwrap().set_value(new_account.login); 
    cookie.get("password").unwrap().set_value(new_account.password);

    Redirect::to(Uri::from_static("/"))
}

Lines where I try to change a value.

cookie.get("login").unwrap().set_value(new_account.login); 
cookie.get("password").unwrap().set_value(new_account.password);

Result after handler work:

I believe this line https://github.com/imbolc/tower-cookies/blob/main/src/service/mod.rs#L39 is only processing the first occurrence of the Cookie: header but apparently HTTP2 supports multiple Cookie headers (for better compression) (See https://www.rfc-editor.org/rfc/rfc7540#section-8.1.2.5 ). Both Chrome and Safari seem to be sending them as separate cookie headers.

Switching that line https://github.com/imbolc/tower-cookies/blob/main/src/service/mod.rs#L39 out to this hideous block seems to fix it as it just recreates the giant cookie blob and lets the rest split like normal.

        // let value = req.headers().get(header::COOKIE).cloned();

        let value: Vec<_> = req
            .headers()
            .get_all(header::COOKIE)
            .iter()
            .map(|a| a.to_str().unwrap())
            .collect();
        let value = value.join("; ");
        let value = Some(HeaderValue::from_str(&*value).unwrap());

Added:

• authors to Cargo.toml.
• categories to Cargo.toml.
• New description to Cargo.toml.
• New keywords to Cargo.toml.
• homepage to Cargo.toml.

Removed:

• tower-layer feature.

Corrected:

• Cookies methods now take &self instead of &mut self.
• Tests can now compile without default features.

Changes:

• Reorder Cargo.toml package fields alphabetically.
• Badges in README.md.
• Example in README.md.
• Example in documentation.
• Documentation.
• Examples.
• Moved some structs to new modules.

Misc:

• Added some files to .gitignore.

Just like the underlying crate it should be clear from the documentation that the private cookie jar not only encrypts the cookies but also signs them. I have copied the docs from the underlying 'cookie' crate for the private cookies.

I cannot figure out how to use private cookies. The struct is there, but I don't know how to use it. Could you please consider adding an example for it?

This changes tower-cookies to have a public dependency on axum-core instead of axum.

axum-core is designed to be a small crate that only contains the FromRequest and IntoResponse traits. Because of the smaller API its less likely to receive breaking changes. Therefore its recommended for library to depend on that instead of axum.

Note this is a breaking change since axum 0.3 doesn't know about axum-core.