Mastering the Web

  1. Introduction
  2. Cookies with Perl and JavaScript
  3. Cookie parameters in JavaScript
  4. Issues concerning cookie acceptance
  5. What to do when cookies are disabled
  6. What to do with cookies

Cookies Tutorial Introduction

Data interchange on the WWW is governed by a protocol (a set of rules) called the Hypertext Transfer Protocol (HTTP). HTTP was designed as a stateless protocol, which means that any exchange between a sender and a receiver carries no knowledge of previous or future interactions. Thus, when a server receives a request for a Web page, it does not know whether it has already received a request from that particular user. The concept of a "user session" does not exist in such an arrangement. If a user accesses a Web site many times, the server program treats each access independently. A problem arises if you intend to implement something like a shopping cart, because you have no means of adding items to the cart: its contents will be emptied each time the user accesses a new page. To solve problems like this, JavaScript cookies were invented.

Originally a feature of Netscape Navigator, but soon imitated by other browsers, "cookies" are small pieces of text that the browser writes to the hard disk of the client machine, according to a strict specification. In the case of Netscape (and its descendants, Mozilla and Firefox), all the cookies the browser receives from any server are written to a single text file. In the case of Internet Explorer, each cookie is written to a file of its own. This makes no difference to how they are used. However, remember that all current browsers can be configured to accept no cookies. Some browsers allow sophisticated cookie management, for instance accepting cookies only from some sites or under certain conditions.

The browser not only receives and stores cookies; it also sends them back to the server each time it requests a page. Here is the real utility of cookies: the server can give the browser a cookie when it requests page A, and the browser will return the cookie when it requests page B. This way you can work not with isolated page requests, but with what is called a "session." A session is the set of page requests made by a single user.

To implement a session, you must generate a session identifier when the first request arrives, and give it to the browser as a cookie. Each time the same user on the same machine requests a new page, the browser will send the server the cookie with the session identifier, which tells you which session the request belongs to.

The cookie specification (RFC 2109) says that a cookie is basically formed by a pair of name and value strings. The name and value are filled in by the server when it first gives the cookie (cookie creation). Later, a script that is processing a request can retrieve the value by giving the name as a search key (cookie reading). For example, the name could be "session_id" and the value "1954897."

Additional data can be provided when the cookie is created. A single computer can be used by many people. To prevent the use of a cookie by different people, the simplest way is to specify an expiration time (though more complex methods can be used). In the case of the shopping cart, an expiration time of one hour would be adequate, as we can presume that a person will not spend more than that time making a purchase. In the case of a person who is registering at a Web site, a longer time (maybe one year) would be advisable. A domain of the form "www.mydomain.com" may also be specified.

Suitable default values are provided if the expiration date or the domain is not specified. When the expiration date is not specified, the cookie lasts until the browser is closed. When the domain is not specified, "the host name of the server which generated the cookie response" is used.

The server gives the browser one or more cookies by including a special header when it serves a page. A header is a line that is sent before any page content is sent. A cookie header looks like this:

Set-Cookie: name=value [;EXPIRES= dateValue] [;DOMAIN= domainName]
[;PATH= pathName] [;SECURE]

How this header is generated depends on whether the page is a static one or a dynamic page created with PHP, Perl, or any other scripting language.
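
The session mechanism and Set-Cookie header described above, as an added example that is not part of the original tutorial: a Node.js sketch in which the server issues a session identifier, emits the header, and matches the cookie returned on a later request. The names handleRequest, sessions and SESSION_COOKIE are assumptions, and the identifier is random rather than a short number like the one quoted above so that another user cannot guess it.

```javascript
// Added example: handleRequest, sessions and SESSION_COOKIE are assumed names.
const nodeCrypto = require('crypto');

const SESSION_COOKIE = 'session_id';   // cookie name used in the text above
const ONE_HOUR_MS = 60 * 60 * 1000;    // shopping-cart lifetime suggested above
const sessions = new Map();            // server-side store: id -> { cart, expires }

// Build the header in the form shown above.
function buildSetCookie(name, value, { expires, domain, path, secure } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (expires) parts.push(`Expires=${expires.toUTCString()}`);
  if (domain) parts.push(`Domain=${domain}`);
  if (path) parts.push(`Path=${path}`);
  if (secure) parts.push('Secure');
  return `Set-Cookie: ${parts.join('; ')}`;
}

// Parse the value of the "Cookie:" request header ("a=1; b=2") into a map.
function parseCookieHeader(header) {
  const jar = Object.create(null);
  for (const pair of (header || '').split(';')) {
    const eq = pair.indexOf('=');
    const name = eq < 0 ? '' : pair.slice(0, eq).trim();
    if (!name) continue;                       // skip empty or malformed pairs
    try {
      jar[name] = decodeURIComponent(pair.slice(eq + 1).trim());
    } catch (e) { /* bad percent-encoding: ignore this cookie */ }
  }
  return jar;
}

// Resume the session named by the cookie, or start a new one. An identifier
// the server did not issue, or one that has expired, is never adopted.
function handleRequest(cookieHeader, now = new Date()) {
  const id = parseCookieHeader(cookieHeader)[SESSION_COOKIE];
  const known = id ? sessions.get(id) : undefined;
  if (known && known.expires > now) {
    return { sessionId: id, session: known, setCookie: null };
  }
  if (id) sessions.delete(id);
  const sessionId = nodeCrypto.randomBytes(16).toString('hex'); // unguessable
  const expires = new Date(now.getTime() + ONE_HOUR_MS);
  const session = { cart: [], expires };
  sessions.set(sessionId, session);
  const setCookie = buildSetCookie(SESSION_COOKIE, sessionId,
    { expires, path: '/', secure: true });
  return { sessionId, session, setCookie };
}
```

The first request (no cookie) returns a Set-Cookie line to send with the page; later requests carrying that cookie get the same session object back, so items added to its cart persist across pages.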

© 1999-2008 Hector Castro -- All rights reserved

www.great-web-info.com