SERVER ADMINISTRATION

HTTP State Management with Cookies
By: Bruce Coker
    2008-08-27

    Table of Contents:
  • HTTP State Management with Cookies
  • Cookie structure
  • Implementation
  • Cookies and PHP
  • Web Server Cookie Support



    HTTP State Management with Cookies - Cookie structure


    (Page 2 of 5)

    A cookie is structured as a simple text file. The syntax and structure of the cookie header are set out in RFC 2965, which covers the HTTP State Management Mechanism. This specifies that the cookie is to start with a name=value pair, which contains the main content. For example, the name might be "user_ID" and the value "12345678". A numerical value such as this would most probably be paired with a "friendly" user ID in a database entry on the web server.

    The name entry is followed by specific attributes. Most of these are in the form of pairs with a value, but some stand alone. All the attributes are optional except the version, which is required.

    Valid attributes are:

    • Comment=value
      The comment attribute is usually used to describe the cookie's purpose.

    • CommentURL=value
      This attribute contains a URL that links to additional information about the cookie.

    • Discard
      This attribute takes no value. It instructs the user agent to remove the cookie unconditionally when the user agent terminates.

    • Domain=value
      The domain attribute specifies the domain for which the cookie is valid.

    • Path=value
      The path attribute can be used to limit the application of the cookie to a subset of URLs.

    • Max-age=value
      This attribute determines the lifetime of the cookie in seconds. A value of 0 specifies that the cookie should be discarded immediately.

    • Port[="portlist"]
      The purpose of the port attribute is to limit the ports to which the cookie may be returned. The portlist value must be in quotes even if it only contains a single port number.

    • Secure
      The secure attribute takes no value. Its purpose is to specify that the user agent should only return the cookie over a secure connection, typically HTTPS. However, it is up to the user agent to determine what constitutes an appropriate level of security.

    • Version=value
      This required attribute's value takes the form of a decimal integer. It defines to which version of the state management specification the cookie conforms.


    All this is best illustrated with an example. Let's say you want to define a cookie for the root path of the domain cookies4ever.com to contain a user ID. The cookie should endure for up to 1000 seconds, should not require a secure connection, and should conform to version 1 of the specification. To meet these requirements the cookie header issued by the web server would look something like this:

    Set-cookie: user_ID=12345678; Max-Age = 1000; Domain = cookies4ever.com; Path = /; Version = 1
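
The attribute rules above can be checked mechanically. The following is an added example, not code from the original article: it parses a cookie header using the article's attribute list and reports the points a reviewer would raise. The function names `parse_set_cookie` and `audit` are hypothetical, the second header is constructed sample input, and the parser assumes quoted values contain no semicolons.

```python
KNOWN = {"comment", "commenturl", "discard", "domain", "path",
         "max-age", "port", "secure", "version"}
VALUELESS = {"discard", "secure"}   # attributes that stand alone

def parse_set_cookie(header):
    """Split a full header line into (name, value, attrs); assumes no ';' in quoted values."""
    _, _, body = header.partition(":")
    parts = [p.strip() for p in body.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("cookie must start with a name=value pair")
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        val = val.strip()
        attrs[key.strip().lower()] = {   # attribute names compared case-insensitively
            "value": val.strip('"') if sep else None,
            "quoted": len(val) >= 2 and val[0] == val[-1] == '"',
        }
    return name.strip(), value.strip(), attrs

def audit(header):
    """List the points a reviewer would raise about one cookie header."""
    _, _, attrs = parse_set_cookie(header)
    findings = [f"unknown attribute: {k}" for k in attrs if k not in KNOWN]
    for key in sorted(VALUELESS & attrs.keys()):
        if attrs[key]["value"] is not None:
            findings.append(f"{key} takes no value")
    if "version" not in attrs:
        findings.append("Version is required but missing")
    elif not (attrs["version"]["value"] or "").isdigit():
        findings.append("Version must be a decimal integer")
    if "secure" not in attrs:
        findings.append("no Secure: cookie may be returned over plain http")
    port = attrs.get("port")
    if port and port["value"] is not None and not port["quoted"]:
        findings.append("Port list must be quoted")
    age = (attrs.get("max-age") or {}).get("value")
    if age is not None and not age.isdigit():
        findings.append("Max-Age must be a number of seconds")
    elif age == "0":
        findings.append("Max-Age=0: cookie is discarded immediately")
    return findings

ARTICLE = ("Set-cookie: user_ID=12345678; Max-Age = 1000; "
           "Domain = cookies4ever.com; Path = /; Version = 1")
CONSTRUCTED = "Set-Cookie: sid=abc; Secure=yes; Port=443; Max-Age=0"  # made-up sample
for h in (ARTICLE, CONSTRUCTED):
    print(audit(h))
```

RFC 2965 was later obsoleted by RFC 6265, which keeps Domain, Path, Max-Age and Secure from this list but drops the others, so the Version check applies only to cookies written against the specification described here.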

    © 2003-2009 by Developer Shed. All rights reserved.