response.setHeader("cookie", "r=robot")
    assertThat(headersToList(response))
      .containsExactly("Cookies: delicious", "cookie: r=robot")
  }

  @Test
  fun mockResponseSetHeaders() {
    val response =
      MockResponse()
        .clearHeaders()
        .addHeader("Cookie: s=square")
        .addHeader("Cookies: delicious")
    response.setHeaders(Headers.Builder().add("Cookie", "a=android").build())

  }
}

fun CookieJar.receiveHeaders(
  url: HttpUrl,
  headers: Headers,
) {
  if (this === CookieJar.NO_COOKIES) return

  val cookies = Cookie.parseAll(url, headers)
  if (cookies.isEmpty()) return

  saveFromResponse(url, cookies)
}

/**
 * Returns true if the response headers and status indicate that this response has a (possibly
 * 0-length) body. See RFC 7231.
 */

    if current_user is None:
        return {"msg": "Create an account first"}
    else:
        return current_user


def test_security_api_key():
    client = TestClient(app, cookies={"key": "secret"})
    response = client.get("/users/me")
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "secret"}


def test_security_api_key_no_key():

    builder.setHeader("cookie", "r=robot")
    assertThat(headersToList(builder)).containsExactly("Cookies: delicious", "cookie: r=robot")
  }

  @Test
  fun mockResponseSetHeaders() {
    val builder =
      MockResponse
        .Builder()
        .clearHeaders()
        .addHeader("Cookie: s=square")
        .addHeader("Cookies: delicious")

    return user


@app.get("/users/me")
def read_current_user(current_user: User = Depends(get_current_user)):
    return current_user


def test_security_api_key():
    client = TestClient(app, cookies={"key": "secret"})
    response = client.get("/users/me")
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "secret"}


def test_security_api_key_no_key():

class APIKeyCookie(APIKeyBase):
    """
    API key authentication using a cookie.

    This defines the name of the cookie that should be provided in the request with
    the API key and integrates that into the OpenAPI documentation. It extracts
    the key value sent in the cookie automatically and provides it as the dependency
    result. But it doesn't define how to set that cookie.

    ## Usage

  }

  @Test
  fun cookie() {
    val cookie: Cookie = Cookie.Builder().build()
    val name: String = cookie.name
    val value: String = cookie.value
    val persistent: Boolean = cookie.persistent
    val expiresAt: Long = cookie.expiresAt
    val hostOnly: Boolean = cookie.hostOnly
    val domain: String = cookie.domain
    val path: String = cookie.path
    val httpOnly: Boolean = cookie.httpOnly

   * {@code co.uk}, {@code google.invalid}, or {@code blogspot.com}.
   *
   * <p>This method can be used to determine whether it will probably be possible to set cookies on
   * the domain, though even that depends on individual browsers' implementations of cookie
   * controls. See <a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a> for details.
   *
   * @since 6.0
   */
  public boolean isUnderPublicSuffix() {

    - tutorial/body-fields.md
    - tutorial/body-nested-models.md
    - tutorial/schema-extra-example.md
    - tutorial/extra-data-types.md
    - tutorial/cookie-params.md
    - tutorial/header-params.md
    - tutorial/cookie-param-models.md
    - tutorial/header-param-models.md
    - tutorial/response-model.md
    - tutorial/extra-models.md
    - tutorial/response-status-code.md

cookie.search.parameter.http_only=true
# Whether to set Secure attribute to the search parameter cookie. Should be true in production environments using HTTPS.
cookie.search.parameter.secure=
# Max-Age (in seconds) for the search parameter cookie. Use -1 for session-only cookies.
cookie.search.parameter.max_age=60