For information about using cookies in LiveWire, see the LiveWire Developer's Guide.
A CGI program uses the following syntax to add cookie information to the HTTP header:
Set-Cookie:
name=value
[;EXPIRES=dateValue]
[;DOMAIN=domainName]
[;PATH=pathName]
[;SECURE]
The date string is formatted as:
Wdy, DD-Mon-YY HH:MM:SS GMT
DOMAIN=domainName specifies the domain attributes for a valid cookie. See "Determining a valid cookie". If you do not specify a value for domainName, Navigator uses the host name of the server which generated the cookie response.
PATH=pathName specifies the path attributes for a valid cookie. See "Determining a valid cookie". If you do not specify a value for pathName, Navigator uses the path of the document that created the cookie property (or the path of the document described by the HTTP header, for CGI programming).
Many different application types can take advantage of cookies. For example, a shopping application can store information about the currently selected items for use in the current session or a future session, and other applications can store individual user preferences on the client machine.
If the domain attribute matches the end of the fully qualified domain name of the host, then path matching is performed to determine if the cookie should be sent. For example, a domain attribute of "acme.com" would match host names "anvil.acme.com" as well as "shipping.crate.acme.com".
Only hosts within the specified domain can set a cookie for a domain. In addition, domain names must use at least two or periods. Any domain in the "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT" categories requires only two periods; all other domains require at least three periods.
PATH=pathName specifies the URLs in a domain for which the cookie is valid. If a cookie has already passed domain matching, then the pathname component of the URL is compared with the path attribute, and if there is a match, the cookie is considered valid and is sent along with the URL request. For example, PATH=/foo matches "/foobar" and "/foo/bar.html". The path "/" is the most general path.
Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...
The EXPIRES value indicates when to purge the mapping. Navigator will also delete a cookie before its expiration date arrives if the number of cookies exceeds its internal limits.
A cookie with a higher-level PATH value does not override a more specific PATH value. If there are multiple matches with separate paths, all the matching cookies are sent, as shown in the examples below.
A CGI script can delete a cookie by returning a cookie with the same PATH and NAME values, and an EXPIRES value which is in the past. Because the PATH and NAME must match exactly, it is difficult for scripts other than the originator of a cookie to delete a cookie.
The Navigator can receive and store the following:
The following examples illustrate the transaction sequence in typical CGI programs. For an example of using cookies with JavaScript, see "cookie".
Client requests a document, and receives in the response:
Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday,
09-Nov-99 23:12:40 GMT
When client requests a URL in path "/" on this server, it sends:
Cookie: CUSTOMER=WILE_E_COYOTE
Client requests a document, and receives in the response:
Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/
When client requests a URL in path "/" on this server, it sends:
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001
Set-Cookie: SHIPPING=FEDEX; path=/foo
When client requests a URL in path "/" on this server, it sends:
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001
When client requests a URL in path "/foo" on this server, it sends:
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001;
SHIPPING=FEDEX
This example assumes all mappings from Example 1 have been cleared.
Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/
When client requests a URL in path "/" on this server, it sends:
Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001
Set-Cookie: PART_NUMBER=RIDING_ROCKET_0023; path=/ammo
When client requests a URL in path "/ammo" on this server, it sends:
Cookie: PART_NUMBER=RIDING_ROCKET_0023;
PART_NUMBER=ROCKET_LAUNCHER_0001