Cookies

What Is a Cookie?

A "cookie" is a small piece of information which a CGI script can store with a web browser and later read back from that browser.

To create a cookie, an application sends a "Set-Cookie" HTTP header line like this one in response to a URL access from a browser:

    Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure

NAME and VALUE are the actual information you're including in the cookie.
DATE is the time at which the cookie information expires and will be "forgotten" by the browser.
DOMAIN is a host or domain name for which the cookie is valid.
PATH specifies a subset of the URLs at that server for which the cookie is valid.
If you include "secure" in your cookie, then the cookie will only be transmitted over an SSL connection.

All of these fields except NAME=VALUE are optional. It is recommended to set the DOMAIN and PATH, as some browsers do not recognize the cookie, if they are not set.

Whenever the browser sends an HTTP request for a URL on a server for which it has stored cookies, it includes a line of the form:

    Cookie: NAME=VALUE; NAME=VALUE; ...

which lists all cookies that apply, which can be read by calling the Web Server/400 Get Environment Variable API.

Examples of Using Cookies

Setting a Cookie

Here is an example of the HTML generated by the store application to set the cookie:

    Content-type: text/html
    Set-Cookie: ITEMS=PROD1,1&PROD2,2; path=/qsys/merchant/; domain=www.xyz.com
    
    <HTML>...</HTML>

This sets a cookie that stores that the user selected one of PROD1 and two of PROD2. Since there is no expiration date, the cookie will disappear when the customer closes the browser.

Reading a Cookie

To read the cookie the store calls the Web Server/400 Get Environment Variable API. It passes in an environment variable of "HTTP_COOKIE" which returns the following:

    ITEMS=PROD1,1&PROD2,2

Deleting a Cookie

To delete a cookie, you can set the value of the cookie to blank. Here is an example of the HTML generated by the store application to clear the cookie after the order has been completed:

    Content-type: text/html
    Set-Cookie: ITEMS=; path=/qsys/merchant/; domain=www.xyz.com
    
    <HTML>...</HTML>

Advantages and Disadvantages of Using Cookies

We used cookies in our application to allow us to store what the user has selected to be ordered. We used cookies for the following reasons:

The data becomes attached to the customer. If he/she starts to make an order and then jumps to a different HTML document and returns later, the items that had been selected earlier are still selected.
The Order Form could be on several screens, with each screen adding information to the cookie.

The disadvantages of using cookies for this application are:

If a user has an old browser that doesn't support cookies, this application will not work.
In some browsers a user can turn on a warning everytime an application attempts to write a cookie. If the user accepts the cookie, everything works fine.