A rchive Date
[ 10-06-2000 ]
Category
[ Information Technologies ]
sub-Categoy
[ Networking ]
|
[COOKIE CREATION
4.1 Introduction
Creating a cookie generally involves duplicating the HTTP cookie header in some fashion so that the browser will store the name-value pair in memory. Some languages expect an exact HTTP header to be sent, while others will use built-in functions to help you speed the process along.
Cookies can be set from the browser-side or from the server-side. The determining factor will be the language you use to create the cookie. Once the cookie is created, it should flow easily from server to client and back via the HTTP headers.
4.2 Creating cookies with JavaScript
JavaScript supplies a built-in object called document.cookie to handle cookie interaction. This object will store all the valid cookies for the given page the script is running on.
When you insert a value into document.cookie, a cookie will be created. The syntax is identical to that of the HTTP header:
Bill Dortch at hIdaho Design (bdortch@hidaho.com) has the most comprehensive set of functions for cookie management from the Client. One such function is SetCookie (all of his functions can be found at http://www.hidaho.com/cookies/cookie.txt):
This function requires that a name and a value are passed, with all other parameters optional. A sample use of this function could be the following:
The SetCookie function is more versatile if you wish to make many cookies, or if you want to set the parameters on-the-fly.
4.3 Creating cookies with PERL
As with most HTTP-related processes in PERL, cookies are set by writing an actual header to the response for an HTTP request. Most PERL programmers are used to writing headers like the following:
Content-type: text/html
This is a MIME header that explains that the content following is text-based HTML code. Similarly, we could write the cookie header directly:
Content-type: text/html
Set-Cookie: foo=bar; path=/; expires=Mon, 01-Jan-2001 00:00:00 GMT
Here, an HTML page would follow after a cookie has been set.
Another very popular HTTP header used in PERL is Location. Be aware that Location is best placed as the last header in a group:
Content-type: text/html
Set-Cookie: foo=bar; path=/; expires=Mon, 01-Jan-2001 00:00:00 GMT
Location: http://www.mysever.com
4.4 Creating cookies with LiveWire
To make a cookie with LiveWire, simply use the client object like so:
client.foo = bar;
client.expiration(expire);
Where expire is the number of milliseconds that you wish the cookie to live for.
Note: When transmitted via HTTP, any methods of the client object will have the prefix NETSCAPE_LIVEWIRE appended to them to help LiveWire restore these values into the client object in the future.
In this example, the cookie that is actually transmitted is named NETSCAPE_LIVEWIRE.foo
4.5 Creating cookies with Active Server Pages
Setting cookies requires usage of the Response.Cookies Object in ASP. This Object contains parameters equivalent to each possible parameter in the normal HTTP header:
Response.Cookies("foo") = "bar"
Response.Cookies("foo").Expires = "January 1, 2001"
Response.Cookies("foo").Domain = "myserver.com"
Response.Cookies("foo").Path = "/"
Response.Cookies("foo").Secure = FALSE
4.6 Creating cookies with VBScript
Creating a cookie in VBScript is almost identical to that of JavaScript:
<SCRIPT language=VBScript>
document.cookie="foo=bar; path=/; expires Mon, 01-Jan-2001 00:00:00 GMT"
</SCRIPT>
The differences would come about in creating a subroutine to do this for you quickly:
<SCRIPT language=VBScript>
Sub SetCookie (name, value, expires, path, domain, secure)
setStr = name & "=" & value
If (expires <> "") Then setStr = setStr & "; expires=" & expires
If (path <> "") Then setStr = setStr & "; path=" & path
If (domain <> "") Then setStr = setStr & "; domain=" & domain
If (secure <> "") Then setStr = setStr & "; secure"
document.cookie = setStr
End Sub
</SCRIPT>
Note two main differences, both of which affect the call to this subroutine. Firstly, the value is not explicitly URL-encoded ("escaped") for you. This must be done by hand. Secondly, all parameters must be explicitly listed in the call or the call will fail:
<SCRIPT language=VBScript>
SetCookie "foo","bar","Mon, 01-Jan-2001 00:00:00 GMT","/","myserver.com",""
</SCRIPT>
Limits on Cookie Creation
There are limits on the contents of both the cookie string and the cookie file. These limits are partially imposed by HTTP and partially by arbitrary choice. They are as follows:
You CANNOT set Cookies for domains other than those that the document resides in. That is, a page on www.myserver.com can set a Cookie for myserver.com and www.myserver.com, but NOT www.yourserver.com.
The cookie HTTP header must be no more than 4K in size.
For Netscape, domains can only set a maximum of 20 cookies each on a specific Client. This does not mean the true internet domain, but only the domain specified via document.cookie. If you have 20 cookies for www.myserver.com, and another 20 cookies for .myserver.com, this is allowed. For each cookie past 20, the least recently used cookie is deleted.
Also for Netscape, the cookie area may only hold a maximum of 300 total cookies from all sources. For each cookie past 300, the least recently used cookie is deleted.
Note that this applies to cookies while they are in memory or stored in the cookies.txt file. ]
|