Cookie fillings/Web Developer® Vol. 2 No. 3

Cookie fillings

Set-Cookie: HTTP header line

Delimiter Semicolon

variable=value One set per Set-Cookie header; any number of headers may be used that combined are less than 4,096 characters for the variable=value pairs.

Expires Uses standards for HTTP header; see "Resources" for more on headers.

Path Defines the subdirectory level in the site for which the cookie should be recursively fed out by the browser for the server. The default is "/"; however, Netscape 1.1 has a bug that requires the default to be explicitly set to "/" or the cookie isn't stored at all.

Domain The set of domains for which this cookie should be returned. The full domain name can be used, or, if there are multiple servers, using ".domain.com" will act as a wildcard for any host.domain name.
There is a limit of 20 cookies per domain specified here (i.e., 20 per any match for .domain.com or 20 per host.domain.com).

Secure The cookie can be set to be fed out only over an SSL (Netscape-style) connection if you include the word "secure."

Example Set-Cookie: 40241=5; Path="/order"; Expires="05-May-96 GMT"

To do the same thing in HTML, you package it inside the <HEAD> tags by specifying the kind of HTTP header in HTTP-EQUIV, and the value of the header in CONTENT. For instance: <HEAD><META HTTP-EQUIV="Set-Cookie" CONTENT="frogparts=1; expires=01-Jan-97 13:21:17 GMT"></HEAD>
The browser, when it determines it has any cookies appropriate for the server and path, will feed Cookie: variable=value; variable=value

Set-Cookie:	HTTP header line
Delimiter	Semicolon
variable=value	One set per Set-Cookie header; any number of headers may be used that combined are less than 4,096 characters for the variable=value pairs.
Expires	Uses standards for HTTP header; see "Resources" for more on headers.
Path	Defines the subdirectory level in the site for which the cookie should be recursively fed out by the browser for the server. The default is "/"; however, Netscape 1.1 has a bug that requires the default to be explicitly set to "/" or the cookie isn't stored at all.
Domain	The set of domains for which this cookie should be returned. The full domain name can be used, or, if there are multiple servers, using ".domain.com" will act as a wildcard for any host.domain name. There is a limit of 20 cookies per domain specified here (i.e., 20 per any match for .domain.com or 20 per host.domain.com).
Secure	The cookie can be set to be fed out only over an SSL (Netscape-style) connection if you include the word "secure."
Example	Set-Cookie: 40241=5; Path="/order"; Expires="05-May-96 GMT"