This simple mechanism provides a powerful new tool which enables a host of new types of applications to be written for web-based environments. Shopping applications can now store information about the currently selected items; for-fee services can send back registration information and free the client from retyping a user-id on next connection; and sites can store per-user preferences on the client and have the client supply those preferences every time that site is connected to.
Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure
This is the only required attribute on the Set-Cookie header.
The date string is formatted as:
Wdy, DD-Mon-YYYY HH:MM:SS GMT
This is based on RFC 822, RFC 850, RFC 1036, and RFC 1123, with the variations that the only legal time zone is GMT and the separators between the elements of the date must be dashes.
expires is an optional attribute. If not specified, the cookie will expire when the user's session ends.
Note: There is a bug in Netscape Navigator version 1.1 and earlier. Only cookies whose path attribute is set explicitly to "/" will be properly saved between sessions if they have an expires attribute.
Only hosts within the specified domain can set a cookie for a domain, and domains must have at least two (2) or three (3) periods in them to prevent domains of the form: ".com", ".edu", and "va.us". Any domain that falls within one of the seven special top level domains listed below requires only two periods. Any other domain requires at least three. The seven special top level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".
The default value of domain is the host name of the server which generated the cookie response.
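The domain rule above can be written as a check a server-side test or proxy filter might apply to a Set-Cookie domain attribute. This is an added example, not code from the specification; the function names are hypothetical, and the label-boundary suffix match used for "within the specified domain" is an assumption.

```python
from typing import Optional

# The seven special top level domains listed in the text above.
SPECIAL_TLDS = {"COM", "EDU", "NET", "ORG", "GOV", "MIL", "INT"}


def required_periods(domain: str) -> int:
    """Two periods for a special TLD, three for any other domain."""
    tld = domain.rsplit(".", 1)[-1].upper()
    return 2 if tld in SPECIAL_TLDS else 3


def host_within_domain(host: str, domain: str) -> bool:
    """Assumed matching: case-insensitive suffix match on a label boundary."""
    host = host.lower()
    bare = domain.lower().lstrip(".")
    return host == bare or host.endswith("." + bare)


def may_set_cookie_domain(host: str, domain: Optional[str]) -> bool:
    """Apply the period-count rule, then the 'host within domain' rule."""
    if domain is None:
        # Default: the host name of the server that generated the response.
        return True
    if domain.count(".") < required_periods(domain):
        return False
    return host_within_domain(host, domain)


if __name__ == "__main__":
    # Constructed sample inputs: (responding host, domain attribute).
    cases = [
        ("shop.acme.com", ".acme.com"),           # two periods, special TLD
        ("shop.acme.com", ".com"),                # one period: too broad
        ("www.example.co.uk", ".co.uk"),          # needs three, has two
        ("www.example.co.uk", ".example.co.uk"),  # three periods
        ("badacme.com", ".acme.com"),             # suffix, not a label match
        ("shop.acme.com", None),                  # attribute omitted
    ]
    for host, domain in cases:
        print(host, domain, may_set_cookie_domain(host, domain))
```

Read literally, the rule also rejects any two-period domain outside the seven listed top level domains, so it is a coarse heuristic rather than a precise test of who controls a domain.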
If the path is not specified, it is assumed to be the same path as the document being described by the header which contains the cookie.
If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.
Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...
Similarly, if a client request contains a Cookie: header, it should be forwarded through a proxy, even if the conditional If-modified-since request is being made.
Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT
Cookie: CUSTOMER=WILE_E_COYOTE
Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001
Set-Cookie: SHIPPING=FEDEX; path=/foo
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001
Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001; SHIPPING=FEDEX
Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/
Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001
Set-Cookie: PART_NUMBER=RIDING_ROCKET_0023; path=/ammo
Cookie: PART_NUMBER=RIDING_ROCKET_0023; PART_NUMBER=ROCKET_LAUNCHER_0001