This simple mechanism provides a powerful new tool which enables a host of new types of applications to be written for web-based environments. Shopping applications can now store information about the currently selected items, for-fee services can send back registration information and free the client from retyping a user-id on next connection, and sites can store per-user preferences on the client and have the client supply those preferences every time that site is connected to.
This is the only required attribute on the Set-Cookie header.
expires=DATE
The expires attribute specifies a date string that
defines the valid life time of that cookie. Once the expiration
date has been reached, the cookie will no longer be stored or
given out.
The date string is formatted as:
Wdy, DD-Mon-YY HH:MM:SS GMT
This is based on
expires is an optional attribute. If not specified, the cookie will expire when the user's session ends.
Note: There is a bug in Netscape Navigator version 1.1 and earlier. Only cookies whose path attribute is set explicitly to "/" will be properly saved between sessions if they have an expires attribute.
domain=DOMAIN_NAME
When searching the cookie list for valid cookies, a comparison of the
domain
attributes of the cookie is made with the Internet domain name of the
host from which the URL will be fetched. If there is a tail match,
then the cookie will go through path matching to see if it
should be sent. "Tail matching" means that domain attribute
is matched against the tail of the fully qualified domain name of
the host. A domain attribute of "acme.com" would match
host names "anvil.acme.com" as well as "shipping.crate.acme.com".
Only hosts within the specified domain can set a cookie for a domain, and domains must have at least two (2) or three (3) periods in them to prevent domains of the form: ".com", ".edu", and "va.us". Any domain that falls within one of the seven special top level domains listed below requires only two periods. Any other domain requires at least three. The seven special top level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".
The default value of domain is the host name of the server which generated the cookie response.
path=PATH
The path attribute is used to specify the subset of URLs in a
domain for
which the cookie is valid. If a cookie has already passed domain
matching, then the pathname component
of the URL is compared with the path attribute, and if there is
a match, the cookie is considered valid and is sent along with
the URL request. The path "/foo"
would match "/foobar" and "/foo/bar.html". The path "/" is the most
general path.
If the path is not specified, it is assumed to be the same path as the document being described by the header which contains the cookie.
secure
If a cookie is marked secure, it will only be transmitted if the
communications channel with the host is a secure one. Currently
this means that secure cookies will only be sent to HTTPS (HTTP over SSL)
servers.
If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.
Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...
Similarly, if a client request contains a Cookie: header, it should be forwarded through a proxy, even if the conditional If-modified-since request is being made.
Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT
Cookie: CUSTOMER=WILE_E_COYOTE
Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001
Set-Cookie: SHIPPING=FEDEX; path=/foo
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001; SHIPPING=FEDEX
Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/
Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001
Set-Cookie: PART_NUMBER=RIDING_ROCKET_0023; path=/ammo
Cookie: PART_NUMBER=RIDING_ROCKET_0023; PART_NUMBER=ROCKET_LAUNCHER_0001
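The domain, path and secure rules described above, written out as an added example (not code from the original specification). The function names, the ".acme.com" domain values and the SESSION cookie are assumptions made for illustration; the other cookies are the ones used in the examples above.

```javascript
// Added example: cookie selection following the rules described on this page.
// All function names here are hypothetical.
const SPECIAL_TLDS = new Set(["COM", "EDU", "NET", "ORG", "GOV", "MIL", "INT"]);

// "Tail matching": the domain attribute is compared with the end of the host name.
function tailMatch(host, domain) {
  return host.toLowerCase().endsWith(domain.toLowerCase());
}

// Period-count rule: two periods under the seven special TLDs, three otherwise,
// and only a host within the domain may set a cookie for it.
function domainMaySet(host, domain) {
  const periods = (domain.match(/\./g) || []).length;
  const tld = domain.slice(domain.lastIndexOf(".") + 1).toUpperCase();
  const needed = SPECIAL_TLDS.has(tld) ? 2 : 3;
  return periods >= needed && tailMatch(host, domain);
}

// Path matching is a plain prefix comparison, so "/foo" also covers "/foobar".
function pathMatch(urlPath, cookiePath) {
  return urlPath.startsWith(cookiePath);
}

// Build the Cookie: header value for one request ("" when nothing matches).
// Cookies are emitted in stored order; header ordering is not modelled here.
function cookiesFor(jar, host, urlPath, isHttps) {
  return jar
    .filter((c) => tailMatch(host, c.domain))   // domain tail match first
    .filter((c) => pathMatch(urlPath, c.path))  // then path matching
    .filter((c) => !c.secure || isHttps)        // secure cookies need HTTPS
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed jar: the page's example cookies plus a hypothetical secure one.
const jar = [
  { name: "CUSTOMER", value: "WILE_E_COYOTE", domain: ".acme.com", path: "/", secure: false },
  { name: "PART_NUMBER", value: "ROCKET_LAUNCHER_0001", domain: ".acme.com", path: "/", secure: false },
  { name: "SHIPPING", value: "FEDEX", domain: ".acme.com", path: "/foo", secure: false },
  { name: "SESSION", value: "abc", domain: ".acme.com", path: "/", secure: true },
];

console.log(cookiesFor(jar, "anvil.acme.com", "/foobar", false));
```

Both comparisons are literal string matches with no boundary check. RFC 6265 later tightened them so that a path match must end at a "/" boundary and a domain match at a "." boundary.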