An Introduction to CGI - The Common Gateway Interface

by Jay Eckles

Setting a Cookie

To set a cookie on the user's machine, you need to send one or more "Set-cookie" HTTP headers in the output of your CGI gateway program. Here's an example of one such header:
Set-cookie: foo=bar; domain=domain.com; path=/; expires=Fri, 09-Dec-96 13:46:00 GMT

The first part of the value of the cookie header is foo=bar. This is the variable and its value that you are setting. As with name/value pairs, foo is the name of the variable and bar is the actual value of the variable.

The next part of the cookie is domain=domain.com. This specifies the domain for which the cookie is valid, presumably your own.

The next part is path=/. This means that the cookie is valid for any part of the domain on this path. In the case of "/", the cookie is valid for the entire site. If you have your own account on a domain and you only want your cookie to be valid for your account, set the path to "/~username/" or "/username/". Any document outside this path cannot access this cookie.

The next part of the cookie is expires=Fri, 09-Dec-96 13:46:00 GMT. This is the expiration date and time of the cookie, or its requested lifespan. I say requested lifespan because the browser managing the cookie file or the user himself may decide to purge the cookie file, thus expiring your cookie before the requested date and time. The date and time should be in standard GMT format.

In addition to these parts of the cookie, you may also add a secure attribute to the value of the Set-cookie header; if the value is true, it indicates that the cookie should only be used under a secure server situation like SSL. It defaults to false.

Expires is not required: it defaults to the end of the session with the current browser instance (when the user quits the web browser application, your cookie disappears). Path is not required: it defaults to the path of the document creating the cookie, i.e. your gateway program. Domain is not required: it defaults to the domain of the document creating the cookie, i.e. your domain. Secure is not required: it defaults to false.
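
As an added example (not code from the original tutorial), here is a Python gateway helper that builds the Set-cookie header described above and refuses any name, value, domain or path containing characters that would end the attribute early or start a new header line, which matters whenever part of the cookie comes from user input. The function names, the character checks and the sample date are assumptions of this example; secure is written as a bare keyword in the header.

```python
from datetime import datetime, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

def check(label, text, extra_forbidden=""):
    """Reject text that would end the attribute early or start a new header line."""
    bad = ';,"\\' + extra_forbidden
    # Only printable, non-space ASCII is allowed, so CR, LF and tabs are refused.
    if not text or any(c in bad or not "!" <= c <= "~" for c in text):
        raise ValueError("unsafe cookie %s: %r" % (label, text))
    return text

def format_expires(when):
    """Format an aware datetime in the 'Fri, 09-Dec-96 13:46:00 GMT' style shown above."""
    if when.tzinfo is None:
        raise ValueError("expires must carry a timezone")
    t = when.astimezone(timezone.utc)
    return "%s, %02d-%s-%02d %02d:%02d:%02d GMT" % (
        DAYS[t.weekday()], t.day, MONTHS[t.month - 1], t.year % 100,
        t.hour, t.minute, t.second)

def set_cookie_header(name, value, domain=None, path=None, expires=None, secure=False):
    """Build one Set-cookie header line; omitted attributes take the browser defaults."""
    parts = [check("name", name, "=") + "=" + check("value", value)]
    if domain is not None:
        parts.append("domain=" + check("domain", domain))
    if path is not None:
        parts.append("path=" + check("path", path))
    if expires is not None:
        parts.append("expires=" + format_expires(expires))
    if secure:
        parts.append("secure")  # bare keyword, no "=true"
    return "Set-cookie: " + "; ".join(parts)

def cgi_output(cookie_headers, body):
    """Complete gateway output: headers, one blank line, then the document."""
    return "\n".join(list(cookie_headers) + ["Content-type: text/html", "", body])

if __name__ == "__main__":
    # Constructed sample values; the date is chosen so that it really falls on a Friday.
    when = datetime(1996, 12, 13, 13, 46, 0, tzinfo=timezone.utc)
    print(cgi_output([set_cookie_header("foo", "bar", "domain.com", "/", when)],
                     "<p>Cookie set.</p>"))
```
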

If you have any questions or would like to contact me for any reason, please email me at j.eckles@computer.org.