sclass ServeHttp_CookieHandler {
  int days = 365;
  S cookieName = "cookie";
  bool verbose;
  S cookieValue;
  S metaParams; // e.g. "SameSite=Strict"
  bool shareCookiesBetweenApexDomains;

  // returns cookie (may be empty if client doesn't accept cookies)
  S handle() {
    NanoHTTPD.IHTTPSession session = NanoHTTPD.currentSession!;
    if (session == null) null;
    NanoHTTPD.CookieHandler cookies = session.getCookies();
    if (empty(cookieValue)) cookieValue = cookies.read("cookie");
    if (empty(cookieValue) && empty((S) mapGet(getHttpdHeaders(), "x-no-cookies"))) {
      cookieValue = randomID(20);
      if (verbose)
        print("New cookie.");
    }
    
    // TODO: don't send if cookie not new?
    
    if (verbose)
      print("IP " + session.remoteIp() + ", cookie: " + cookieValue);
      
    if (nempty(cookieValue)) {
      var cookie = cookies.set("cookie", cookieValue + prependIfNempty("; ", metaParams), days);
      
      S apexDomain = apexDomain(dropPortFromHost(session.getHeaders().get("host")));
      if (shareCookiesBetweenApexDomains && nempty(apexDomain))
        cookie.domain = apexDomain;
    }

    ret cookieValue; 
  }
}