"Cookies" (client-side persistent information) and their use

Technical note:20019
Created:07/28/95 by Trip
Last modified:10/24/95 by Brian
Product:Netscape Commerce and Communications Servers
A "cookie" is a small piece of information which a web server (via a
CGI script) can store with a web browser and later read back from that
browser.  This is useful for having the browser remember some specific
information across several pages; for example, when you browse through
a "virtual shopping mall" and add items to your "shopping cart" as you
browse, a list of the items you've picked up is kept in your browser's
cookie file so that you can pay for all the items at once when you're
finished shopping.

A complete explanation of how cookies work is available on
"http://home.netscape.com/newsref/std/cookie_spec.html".  If you need
more information about cookies than what's presented in this tech
note, that's the best place to check next.

To create a cookie, a web server sends a "Set-Cookie" HTTP header line
like this one in response to a URL access from a browser:

  Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure

NAME and VALUE are the actual information you're including in the
cookie.  DATE is the time at which the cookie information expires and
will be "forgotten" by the browser.  DOMAIN is a host or domain name
for which the cookie is valid.  PATH specifies a subset of the URLs at
that server for which the cookie is valid.  If you include "secure" in
your cookie, then the cookie will only be transmitted over an SSL
connection.

All of these fields except NAME=VALUE are optional.

Whenever the browser sends an HTTP request for a URL on a server which
it has stored cookies for, it includes a line of the form:

  Cookie: NAME=VALUE; NAME=VALUE; ...

which lists all cookies that apply.

Here is a sample CGI program (a Unix shell script) that sends a cookie:

  #!/bin/sh
  echo "Content-type: text/html"
  echo "Set-cookie: MeLove=Cookie%20Monster; expires=Thursday, 01-Jan-98 12:00:00 GMT"
  echo ""
  echo "<H1>Me love Cookie Monster.  Me love cookies.</H1>"

This stores "MeLove=Cookie Monster" with the browser.  (Note that the
space in the value must be represented as a "%20" in the cookie.)

And here is a script that reads a cookie:

  #! /bin/sh
  echo "Content-type: text/html"
  echo ""
  echo "Here is your cookie (munch munch):<P>"
  echo "$HTTP_COOKIE<P>"

By the way, if you came to this tech note hoping to find recipes for
yummy cookies, then don't despair -- take a look at
"http://www.vuw.ac.nz/~amyl/recipes/cookies/".

Find out more about Netscape at info@netscape.com, or call 415/528-2555.
Copyright © 1995 Netscape Communications Corporation