Takes 6 parameters, Name, Value, Path, Domain, Expires, Other
Description:
An HTTP Cookie will be set in the client's web browser, referenced by Name and set to Value. The client's web browser will on subsequent visits return this value to the server in the HTTP Header, where it will be parsed automatically and appear in the Request Query with the prefix of Cookie. in front of the Field name. Any Attributes (Path, Domain, Expires, Others) will be placed into Fields named the same but with a trailing # symbol followed by the Attribute name.
HTTP Cookies should not be trusted, any more than any other data that arrives from a client. A secure way to store information about a user that cannot be modified by that user is to use the built-in Session tools instead: the Session Command, the Session$ Text Function, and/or the Session Function of the Text Command.
It is typical for web systems to set the Value to a parseable string of many named value pairs in a single Cookie. This is preferable to having many separate Cookies stored on the user's computer. For example, you can use URLEncode on each value and then separate each name/value pair with the & sign. Note that Value may not include any ; characters.
If Path is set, then all URLs that equal that path, or are a sub-element of that path, will have this Cookie returned. In order to have a Cookie always be returned, anywhere in the system, set the Path to "/". If the Path is blank or is not specified, then the Client's web browser will set the Path for the Cookie to the current URL.
If Domain is set, then the Cookie will only be returned for URLs on that Domain, or a sub-Domain thereof. Note that most web-browsers, by default, will not accept Cookies with the Domain set to anything other than the domain of the current server. Therefore, this parameter will typically be left blank or not specified, in which case the Client's web browser will set the Domain for the Cookie to the current server's domain.
If Expires is set, the Cookie will not be deleted when the user's web browser is closed. The format of this value must be in the form of "Wdy, DD-Mon-YYYY HH:MM:SS GMT". If a Cookie with a future Expiry date is to be recalled/cancelled, simply set the same Cookie again with an Expiry date well in the past.
"LongTerm" will set a Date/Time of end-of-day 360 days later."Delete" will set a fixed Date/Time of end-of-day 7 days prior to today.yyyy-mm-dd it will auto convert to the HTTP format of DoW, DD-Mmm-YYYY 23:59:59 GTM, without time zone considerations (the text of 23:59:59 GTM is literally just appended; *be warned that this may change in the future*).yyyy-mm-dd it will be used as is.Any other Attributes may be specified in the Other parameter. Each Other Attribute must be in the form of Name=Value and be separated by a ;
Any Cookies that are set while the client is connecting via HTTPS will automatically have the "secure" flag applied to the cookie, such that it will only be returned to the server over a secure connection.
When Moxie creates Cookies, it will add the "HttpOnly" flag to all cookie by default. This prevents access to these cookies from JavaScript on the client side and improves security. If a cookie needs to be accessed via JavaScript on the client, the cookie should be named with a prefix of "CnwClient." such as Moxie built in CnwClient.LoggedIn cookie.
Example:
Rem 'Setting Cookie
[New] User = $SessionUser
HttpCookie "ActAsUser", User, "", "", "", ""
EndRem
Rem 'Getting Cookie
[Pull] Cookie.ActAsUser
HtmlAlert Cookie.ActAsUser 'Displays session user's alias
EndRem