Takes 6 parameters, Name, Value, Path, Domain, Expires, Other


An HTTP Cookie will be set in the client's web browser, referenced by Name and set to Value. The client's web browser will on subsequent visits return this value to the server in the HTTP Header, where it will be parsed automatically and appear in the Request Query with the prefix of Cookie. in front of the Field name. Any Attributes (Path, Domain, Expires, Others) will be placed into Fields named the same but with a trailing # symbol followed by the Attribute name.

HTTP Cookies should not be trusted, any more than any other data that arrives from a client. A secure way to store information about a user that cannot be modified by that user is to use the built-in Session tools instead: the Session Command, the Session$ Text Function, and/or the Session Function of the Text Command.

If Path is set, then all URLs that equal that path, or are a sub-element of that path, will have this Cookie returned. In order to have a Cookie always be returned, anywhere in the system, set the Path to "/". If the Path is blank or is not specified, then the Client's web browser will set the Path for the Cookie to the current URL.

If Domain is set, then the Cookie will only be returned for URLs on that Domain, or a sub-Domain thereof. Note that most web-browsers, by default, will not accept Cookies with the Domain set to anything other than the domain of the current server. Therefore, this parameter will typically be left blank or not specified, in which case the Client's web browser will set the Domain for the Cookie to the current server's domain.

If Expires is set, the Cookie will not be deleted when the user's web browser is closed. The format of this value must be in the form of "Wdy, DD-Mon-YYYY HH:MM:SS GMT". If a Cookie with a future Expiry date is to be recalled/cancelled, simply set the same Cookie again with an Expiry date well in the past.

Any other Attributes may be specified in the Other parameter. Each Other Attribute must be in the form of Name=Value and be separated by a ;

Any Cookies that are set while the client is connecting via HTTPS will automatically have the "secure" flag applied to the cookie, such that it will only be returned to the server over a secure connection.

When Moxie creates Cookies, it will add the "HttpOnly" flag to all cookie by default. This prevents access to these cookies from JavaScript on the client side and improves security. If a cookie needs to be accessed via JavaScript on the client, the cookie should be named with a prefix of "CnwClient." such as Moxie built in CnwClient.LoggedIn cookie.



Rem 'Setting Cookie
HttpCookie "TestVal1", 123, "", "", "", ""
HttpCookie "TestVal2", 234, "", "", "", ""

Rem 'Getting Cookie
[Pull] Cookie.ActAsUser Cookie.TestVal
HtmlAlert Cookie.TestVal1
HtmlAlert Cookie.TestVal2