Cookies

Setting the Cookie

• Set-Cookie: key=value; expires=date; path=path; domain=inet domain

• path specifies subset of URLs for which cookie is valid

• domain specifies domain for which cookie is valid

• Can specify 'secure' to only transmit cookies on secure connections

• More than one such header may be used in a document

Accessing the Cookie

• Environment variable HTTP_COOKIE

• Just like QUERY_STRING but fields separated by semicolons

Disadvantages of Cookies

• Not supported by all browsers

• Size limited to 4K

• Only 20 cookies allowed per domain, 300 per user