Function encode_cookie 

pub fn encode_cookie(
    key: SigningKey,
    name: impl AsRef<[u8]>,
    value: impl AsRef<[u8]>,
) -> String

Encrypt & sign a cookie value.

You may be interested in encode_cookie_advanced for no_std support.

Cookie Name

The name of the cookie is required to prevent attackers from swapping the encrypted value of one cookie with the encrypted value of another cookie.

For example, say you have two cookies:

session-account-id=2381
last-cache-reload=3193

When encrypted, the cookies might look like:

session-account=LfwFJ8N0YR5f4U8dWFc5vARKQL7GvRJI
last-cache-reload=NyOwR3npVm0gn8xlm89qcPMzQHjLZLs99

If the name of the cookie wasn’t included in the encrypted value it would be possible for an attacker to swap the values of the two cookies and make your server think that the session-account-id cookie value was 3193, effectively impersonating another user.

The name will be included in the encrypted value and verified against the name you provide when calling decode_cookie later.

Other Notes

RFC6265 restricts the characters valid in cookie names. This function does not validate the name you provide.

Inspired by the cookie crate.