Cookies

1
Lesson 8

• Cookies

2
What is a cookie

• A little tarball of information stored on the
  client machines hard drive.
• Usually in the cookies.txt file
• information can be placed in the cookies.txt file
  two ways
• by the client using Javascript
• by the server placing the cookie in the HTTP
  Response Header
• in this case, youll usually be asked it its OK
  to save the cookie by your browser
• the tarball consists of name value pairs

3
Cookie facts

• Cookies are domain specific cookie information
  can only be retrieved by servers in the same
  domain that set the cookie
• If you set a cookie from Javascript it can only
  be retrieved by Javascript
• Cookies are properties of documents ( there is a
  document.cookie)
• Cookie records can contain
• cookie domain (domain of the server)
• whether it need a sucure connection to access the
  cookie
• pathname of URL capable of accessing the cookie
• expiration date
• name/value pairs

4
Cookie limitations

• Not everyone has a cookie-friendly browser (but
  most people do).
• Not everyone who has a cookie-friendly browser
  will accept your cookies (but most people will).
• Each domain is allotted only 20 cookies (on a
  specific client machine), so use them sparingly.
  
• Cookies must be no larger than 4 KB. That's just
  over 4,000 characters, which is plenty.

5
Life Cycle of Cookies

• When you start up your browser the contents of
  cookies.txt is loaded into memory
• during a browser session, cookies (including new
  ones) are kept in memory for speed reasons
• in memory cookies are written to cookies.txt when
  you shut down the browser
• cookies without expiration dates wont be written
  to cookies.txt
• cookies with expiration dates will be persistent
  in cookies.txt until Netscape removed (when they
  expire)

6
Setting cookies

• Setting cookies is more frequently done by
  servers passing a cookie in the HTTP response
  header
• assign the information to document.cookie
• successive assignments are not destructive, they
  keep appending to what is already there
• Javascript limits what you can assign from the
  client as follows

Document.cookie cookieName cookieData
expires
timeInGMTString
path pathName
domain domainName
secure
7
More...

• Name/data - each cookie must have a name and
  data data can contain no spaces (this implies
  URL encoding , use function escape( ) and
  unescape( )
• expires - must be in GMT format (use toGMTString
  function) if expires is omitted cookie is
  temporary and wont be written to cookies.txt
• path - for client side cookies just use the
  default
• Domain - to help synchronize cookie data across a
  set of documents for the specified domain (this
  is known as the cookie domain)
• SECURE - this is really for server-side cookies,
  so omit it.

8
Multiple name/value pairs

• If you want to save multiple name value pairs
  make sure you separate them with some character
  so you can parse them out (like a )

Function getCookieData(label) var labelLen
label.length var cLen document.cookie.len
gth var I 0 var cEnd while ( i lt
cLen) var j I labelLen
if ( document.cookie.substring( I , j ) label
) cEnd document.cookie.indexOf
() , j) if (cEnd -1 )
cEnd document.cookie.length
return unescape(document.cookie.substrin
g(j,cEnd) i
return