Simple Cookie Logic

The following code in a "simple.html" file shows two separate things:

First, it shows a Javascript function called "showAlert" that causes an alert box to be displayed on your screen.  The function is called when you "Click here" on the button.

The second thing is the document.cookie setting which is executed immediately within the HEAD section.  There are several strings.  The first is the "name" of the cookie followed by an equal sign.  The second is the "value" to be assigend to the cookie.

Note that the escape operation is applied to the value to cause all blanks and special characters to be turned into %hh hex-values.  This is to insure the value is a non-blank string, and things like quotes and semi-colons aren't interpreted as either Javascript or HTML code.

When this page is retrieved by a browser which has Javescript and Cookies enabled, document.cookie sends a Cookie to the browser.  The "path=/" parameter tells the browser to accept any path on the server that sent this page.  On any future visits to this same server, the saved Cookie will be returned to the server in the request header.

The server can access the Cookie information in several way.  The simplest is to process the HTTP_COOKIE environment variable set up by the server when it requests executable code.  There are several examples, but PERL scripts are the most common.

In a "perl" script, you would access the HTTP_COOKIE variable with the ENV function, something like this:

Note the use of curly brackets, not parenthesis.  If $cookie isn't null, it contains one or more "name=value" strings separated by semi-colon blank.  Here is an example:

You would look for the appropriate "name=" string, and retrieve it's associated value.  It might be easier to process if you append another semi-colon to the end of the non-blank $cookie retrieved.  Every value would then end in a semi-colon.

In a PHP file which is mainly HTML, but contains imbedded PHP statements, you could retrieve a specific cookie's value like this:

If you are looking for the cookie on the server side, and it doesn't exist, then you can try to create it by setting up a reply page that includes the desired cookie in the response header.  In this case, the response header is being sent to the client (browser).  Instead of just the normal header, which always ends in a blank line:

You would have an extra line, like this:

This has the same effect as the Javascript, but is easier to create if you have complete control in creating the response header.

There are other parameters for both the Javascript document.cookie and the response header.  You can have a different path, along with things like expiration date/time, domain, and the reserved word "secure".  The general form is:

There is plenty of documentation on the web, like these:

If your are using SUSPIRES to input or output, then you have complete control to create response headers, and to encode or decode cookie values.  To output an encoded cookie, use the $HTML(encode,'value') function.  The result of the function will create a value with %hh hex-values where needed.  Something like this:

Be aware that document.cookie is used in Javascript, but Set-Cookie is used in response headers.

On the input side, you can retrieve the string of cookies as follows:

#cookievalue should be the non-null value of the cookie you are looking for. Usually the SUSPIRES protocol inputs your user's input fields, buttons, and choice lists. You then get control in your protocol and read in the cookies (see above).  Finally your protocol outputs the response page, including the header with Set-Cookie, or Javascript's document.cookie included in HEAD.

Click on this link to return to the main SUSPIRES index.