cookie
property of the document
object.client
object, when using client-cookie maintenance.Set-Cookie:
name=value
[;EXPIRES=dateValue]
[;DOMAIN=domainName]
[;PATH=pathName]
[;SECURE]
name
=value
is a sequence of characters excluding semicolon, comma and white space. To place restricted characters in the name
or value
, use an encoding method such as URL-style %XX encoding.
EXPIRES=dateValue
specifies a date string that defines the valid life time of that cookie. Once the expiration date has been reached, the cookie will no longer be stored or given out. If you do not specify dateValue
, the cookie expires when the user's session ends.
The date string is formatted as:
Wdy, DD-Mon-YY HH:MM:SS GMTwhere
Wdy
is the day of the week (for example, Mon or Tues); DD
is a two-digit representation of the day of the month; Mon
is a three-letter abbreviation for the month (for example, Jan or Feb); YY
is the last two digits of the year; HH:MM:SS
are hours, minutes, and seconds, respectively.
DOMAIN=domainName
specifies the domain attributes for a valid cookie. See "Determining a Valid Cookie" on page 677. If you do not specify a value for domainName
, Navigator uses the host name of the server which generated the cookie response.
PATH=pathName
specifies the path attributes for a valid cookie. See "Determining a Valid Cookie" on page 677. If you do not specify a value for pathName
, Navigator uses the path of the document that created the cookie property (or the path of the document described by the HTTP header, for CGI programming).
SECURE
specifies that the cookie is transmitted only if the communications channel with the host is a secure. Only HTTPS (HTTP over SSL) servers are currently secure. If SECURE
is not specified, the cookie is considered sent over any channel.
royalairways.com
matches hostnames anvil.royalairways.com
and ship.crate.royalairways.com
.
Only hosts within the specified domain can set a cookie for a domain. In addition, domain names must use at least two or three periods. Any domain in the COM
, EDU
, NET
, ORG
, GOV
, MIL
, and INT
categories requires only two periods; all other domains require at least three periods.
PATH=pathName
specifies the URLs in a domain for which the cookie is valid. If a cookie has already passed domain matching, then the pathname component of the URL is compared with the path attribute, and if there is a match, the cookie is considered valid and is sent along with the URL request. For example, PATH=/foo matches
/foobar
and /foo/bar.htm
. The path "/"
is the most general path.
Syntax of the Cookie HTTP Request Header.
When requesting a URL from an HTTP server, the browser matches the URL against all existing cookies. When a cookie matches the URL request, a line containing the name/value pairs of all matching cookies is included in the HTTP request in the following format:
Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...Saving Cookies. A single server response can issue multiple Set-Cookie headers. Saving a cookie with the same
PATH
and NAME
values as an existing cookie overwrites the existing cookie. Saving a cookie with the same PATH
value but a different NAME
value adds an additional cookie.
The EXPIRES
value indicates when to purge the mapping. Navigator will also delete a cookie before its expiration date arrives if the number of cookies exceeds its internal limits.
A cookie with a higher-level PATH
value does not override a more specific PATH
value. If there are multiple matches with separate paths, all the matching cookies are sent, as shown in the examples below.
A CGI script can delete a cookie by returning a cookie with the same PATH
and NAME
values, and an EXPIRES
value which is in the past. Because the PATH
and NAME
must match exactly, it is difficult for scripts other than the originator of a cookie to delete a cookie.
Specifications for the Client.
When sending cookies to a server, all cookies with a more specific path mapping are sent before cookies with less specific path mappings. For example, a cookie "name1=foo" with a path mapping of "/" should be sent after a cookie "name1=foo2" with a path mapping of "/bar" if they are both to be sent.
The Navigator can receive and store the following:
OPAQUE_STRING
combine to form the 4 kilobyte limit.Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday,When client requests a URL in path "/" on this server, it sends:
09-Nov-99 23:12:40 GMT
Cookie: CUSTOMER=WILE_E_COYOTEClient requests a document, and receives in the response:
Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/When client requests a URL in path "/" on this server, it sends:
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001Client receives:
Set-Cookie: SHIPPING=FEDEX; path=/fooWhen client requests a URL in path "/" on this server, it sends:
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001When client requests a URL in path "/foo" on this server, it sends:
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001;Example 2. This example assumes all mappings from Example 1 have been cleared. Client receives:
SHIPPING=FEDEX
Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/When client requests a URL in path "/" on this server, it sends:
Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001Client receives:
Set-Cookie: PART_NUMBER=RIDING_ROCKET_0023; path=/ammoWhen client requests a URL in path "/ammo" on this server, it sends:
Cookie: PART_NUMBER=RIDING_ROCKET_0023;There are two name/value pairs named "PART_NUMBER" due to the inheritance of the "/" mapping in addition to the "/ammo" mapping.
PART_NUMBER=ROCKET_LAUNCHER_0001
Last Updated: 05/28/99 12:01:24