HTTP, per se, is a stateless protocol, meaning that it retains no session state between transactions. Cookies, as specified by the HTTP 1.1 standard, let web clients and servers cooperate to build a stateful session from a sequence of HTTP transactions.
Each time a server sends a response to a client's request, the server may initiate or continue a session by sending one or more Set-Cookie headers, whose contents are small data items called cookies. When a client sends another request to the server, the client may continue a session by sending Cookie headers with cookies previously received from that server or other servers in the same domain. Each cookie is a pair of strings, the name and value of the cookie, plus optional attributes. Attribute max-age is the maximum number of seconds the cookie should be kept. The client should discard saved cookies after their maximum age. If max-age is missing, then the client should discard the cookie when the user's interactive session ends.
21.2.1. The Cookie Module
The Cookie module supplies several classes, mostly for backward compatibility. CGI scripts normally use the following classes from module Cookie.
18.104.22.168. Cookie methods
An instance c of SimpleCookie or SmartCookie supplies the following methods.
22.214.171.124. Morsel attributes and methods
An instance m of class Morsel supplies three read/write attributes:
Instance m also supplies the following methods.
126.96.36.199. Using module Cookie
Module Cookie supports cookie handling in both client-side and server-side scripts. Typical usage is server-side, often in a CGI script (where you have no alternatives, to maintain session state, to the direct manipulation of cookies). The following example shows a simple CGI script using cookies:
import Cookie, time, os, sys, traceback sys.stderr = sys.stdout try: # first, the script emits HTTP headers c = Cookie.SimpleCookie( ) c["lastvisit"]=str(time.time( )) print c.output( ) print "Content-Type: text/html" print # then, the script emits the response's body print "<html><head><title>Hello, visitor!</title></head> <body>" # for the rest of the response, the scripts gets and decodes the cookie c = Cookie.SimpleCookie(os.environ.get("HTTP_COOKIE")) when = c.get("lastvisit") if when is None: print "<p>Welcome to this site on your first visit!</p>" print "<p>Please click the 'Refresh' button to proceed</p>" else: try: lastvisit = float(when.value) except: print "<p>Sorry, cannot decode cookie (%s)</p>"%when.value print "</br><pre>" traceback.print_exc( ) else: formwhen = time.asctime(time.localtime(lastvisit)) print "<p>Welcome back to this site!</p>" print "<p>You last visited on %s</p>"%formwhen print "</body></html>" except: print "Content-Type: text/html" print print "</br><pre>" traceback.print_exc( )
Each time a client visits the script, the script sets a cookie encoding the current time. On successive visits, if the client browser supports cookies, the script greets the visitor appropriately. Module time is covered in "The time Module" on page 302. This example uses no cryptography or server-side persistence, since session state is small and not confidential.