only for RuBoard - do not distribute or recompile

1.11 Cookies

Cookies allow web servers to store state information in the browser. They are often used to store session variables, user preferences, or user identity. Cookies are not part of the HTTP specification; however, they have become ubiquitous and are sometimes needed for proper interactions with some web sites.

Cookies work in the following way: when a server program wishes to store state information in the client, the server issues a Set-Cookie header in its response to the client, which contains the value it wishes to store. The client is expected to store the information from the Set-Cookie header, associated with the URL or domain that issues the cookie. In subsequent requests to that URL or domain, the client should include the cookie information using the Cookie header. The server or CGI program uses this information to return a document tailored to that specific client. The server can set an expiration date for the cookie, or just use it for a session that will not survive beyond the current instance of the browser.

For example, the client may fill in a form opening a new account. The request might read:

POST /sales.ora.com/order.pl HTTP/1.0
[Client headers here]

type=new&firstname=John&lastname=Smith

The server stores this information along with a new account ID, and sends it back in the response:

HTTP/1.0 200 OK
[Server headers here]
Set-Cookie: acct=04382374;domain=.ora.com;Expires=Sun, 16-Feb-2003 04:38:14 GMT;Path=/

The next time the browser visits the site, the client should recognize that a cookie is needed, and send:

GET /order.pl HTTP/1.0
[Client headers here]
Cookie: acct=04382374
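
The client-side handling described above, as an added example that is not part of the original text: Python code that parses the Set-Cookie value from the response and decides which later requests carry the cookie. The function names, the hosts www.ora.com and example.org, and the clock value are assumptions made for illustration; matching uses the domain-suffix and path-prefix rules only.

```python
from datetime import datetime, timezone

# Set-Cookie value taken from the response shown above.
SET_COOKIE = "acct=04382374;domain=.ora.com;Expires=Sun, 16-Feb-2003 04:38:14 GMT;Path=/"

def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs

def parse_expires(text):
    """Parse the Netscape-style date used in the Expires attribute."""
    parsed = datetime.strptime(text, "%a, %d-%b-%Y %H:%M:%S GMT")
    return parsed.replace(tzinfo=timezone.utc)

def domain_matches(host, domain):
    """Tail match on a label boundary: .ora.com covers ora.com and its subdomains."""
    host, domain = host.lower(), domain.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def cookie_header_for(set_cookie, origin_host, host, path, now):
    """Return the Cookie header value for a request, or None if it must not be sent."""
    name, val, attrs = parse_set_cookie(set_cookie)
    if "expires" in attrs and parse_expires(attrs["expires"]) <= now:
        return None  # expired cookies are dropped
    if "domain" in attrs:
        if not domain_matches(host, attrs["domain"]):
            return None
    elif host.lower() != origin_host.lower():
        return None  # no domain attribute: only the issuing host gets it back
    if not path.startswith(attrs.get("path", "/")):
        return None  # simple prefix match on the request path
    return f"{name}={val}"

if __name__ == "__main__":
    # Constructed clock value and hosts, for illustration only.
    now = datetime(2003, 1, 1, tzinfo=timezone.utc)
    for host in ("sales.ora.com", "www.ora.com", "example.org"):
        result = cookie_header_for(SET_COOKIE, "sales.ora.com", host, "/order.pl", now)
        print(host, "->", result)
```

Because the cookie is scoped with domain=.ora.com and Path=/, the account ID accompanies requests to every host under ora.com, not only the one that issued it.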

More details about cookies are available at:

http://www.netscape.com/newsref/std/cookie_spec.html
