Takes 6 parameters, Name, Value, Path, Domain, Expires, Other
An HTTP Cookie will be set in the client's web browser, referenced by Name and set to Value. The client's web browser will on subsequent visits return this value to the server in the HTTP Header, where it will be parsed automatically and appear in the Request Query with the prefix of
Cookie. in front of the Field name. Any Attributes (Path, Domain, Expires, Others) will be placed into Fields named the same but with a trailing
# symbol followed by the Attribute name.
HTTP Cookies should not be trusted, any more than any other data that arrives from a client. A secure way to store information about a user that cannot be modified by that user is to use the built-in Session tools instead: the
Session Command, the
Session$ Text Function, and/or the Session Function of the
It is typical for web systems to set the Value to a parseable string of many named value pairs in a single Cookie. This is preferable to having many separate Cookies stored on the user's computer. For example, you can use URLEncode on each value and then separate each name/value pair with the
& sign. Note that Value may not include any
If Path is set, then all URLs that equal that path, or are a sub-element of that path, will have this Cookie returned. In order to have a Cookie always be returned, anywhere in the system, set the Path to "/". If the Path is blank or is not specified, then the Client's web browser will set the Path for the Cookie to the current URL.
If Domain is set, then the Cookie will only be returned for URLs on that Domain, or a sub-Domain thereof. Note that most web-browsers, by default, will not accept Cookies with the Domain set to anything other than the domain of the current server. Therefore, this parameter will typically be left blank or not specified, in which case the Client's web browser will set the Domain for the Cookie to the current server's domain.
If Expires is set, the Cookie will not be deleted when the user's web browser is closed. The format of this value must be in the form of "Wdy, DD-Mon-YYYY HH:MM:SS GMT". If a Cookie with a future Expiry date is to be recalled/cancelled, simply set the same Cookie again with an Expiry date well in the past.
"LongTerm"will set a Date/Time of end-of-day 360 days later.
"Delete"will set a fixed Date/Time of end-of-day 7 days prior to today.
yyyy-mm-ddit will auto convert to the HTTP format of
DoW, DD-Mmm-YYYY 23:59:59 GTM, without time zone considerations (the text of 23:59:59 GTM is literally just appended; *be warned that this may change in the future*).
yyyy-mm-ddit will be used as is.
Any other Attributes may be specified in the Other parameter. Each Other Attribute must be in the form of
Name=Value and be separated by a
Any Cookies that are set while the client is connecting via HTTPS will automatically have the "secure" flag applied to the cookie, such that it will only be returned to the server over a secure connection.
; HttpOnly in the Other Parameter for the
Rem 'Setting Cookie
[New] User = $SessionUser
HttpCookie "ActAsUser", User, "", "", "", ""
Rem 'Getting Cookie
HtmlAlert Cookie.ActAsUser 'Displays session user's alias