Appendix 1 - Cookie
CONTENTS:
1. Overview
2. Code

1. Overview

A cookie is a piece of software that a server sends back to a client browser as part of the response headers. It contains information derived from the request and its processing. The client browser is to store it in its files, and include it as a header in future requests to the server.

One piece of information contained in a cookie is the range of URLs for which it is valid, i.e. the cookie is sent along with a request only if the request URL falls into this range. Practically, a URL identifies the path of the requested file in the server, so that the URL range indicates for which directories and files a cookie is valid. With a well organized file system, the URL range indicates the type of processing requested.

A given request may fall into the URL range of more than one cookie, so that more than one cookie can be sent to the server.

The rest of the information carried by a cookie is a record of past experience in handling requests of a given kind, and helps the server better know what to do. This can avoid repeated requests for information from the user.

2. Code

2.1 The Set-Cookie response header

A cookie is sent to the client in the Set-Cookie HTTP response header (not defined in RFC 2616), which has the following syntax:

Set-Cookie: cookie-name=string-value; expires=date; domain=domain-name; path=path-value; secure

where:

cookie-name is the name assigned to the cookie
string-value is the character string that conveys the information of the cookie. This string can contain any character except commas, semicolons and white space
date is the cookie expiration date, in the format wdy, dd-Mon-yyyy hh:mn:ss GMT
Example: Fri, 24-Sep-2004 11:17:35 GMT
domain-name is the domain and subdomain name to be matched with the host name part of the request URL, as described below
path-value is the path sequence to be matched with the beginning of the request URL path information, as described below
secure is an optional keyword. When coded, the cookie is to be sent only on a secured line.
The other words are keywords to be coded as is.

2.2 Matching a request URL with a cookie

A request URL has the following format:

http://host-name:port/path-info?parameters
where:
host-name is the host name part of the request (it identifies the server to which the request is sent)
/path-info is the path information of the request (it identifies the requested file in the server)
?parameters are the optional parameters to be passed for processing

To find the cookies that match a request, each cookie domain-name value is compared to the request host name part. If the request host name ends with the cookie domain-name, there is a match. This is so because in a host name, domain and subdomains are named backward, from right to left -- in the name:

zzz.yyy.xxx.com

xxx.com is the domain name
yyy is a subdomain of the first level
zzz is a subdivision of yyy

If this is the request URL host name, it would match a domain-name like y.xxx.com

If the domain-name matches, a match is then sought on the path information.

A cookie's path information matches a request's path information if it is contained as a starting substring in the latter. Example:

/appl/scr in a cookie
would match the path information
/appl/script/php/calculus.php of a request.

2.3 The Cookie request header

The information strings from all the matching cookies are sent by the browser to the server in a Cookie header. This has the format:
Cookie: cookie-name=string-value; ...
where:
cookie-name is the name of a matching cookie
string-value is the string value contained in the cookie
... stands for additional cookie name=value pairs, if any
The other characters are coded as is.
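
The matching rules of sections 2.2 and 2.3, as an added example that is not part of the original page: it implements the plain suffix and prefix comparison as described above, beside the boundary-aware domain-match and path-match of RFC 6265 (sections 5.1.3 and 5.1.4), and builds the resulting Cookie header for each. The function names and the cookie jar are constructed for illustration.

```javascript
// Rule as described on the page: plain string suffix / prefix comparison.
function naiveDomainMatch(host, cookieDomain) {
  return host.toLowerCase().endsWith(cookieDomain.toLowerCase());
}
function naivePathMatch(requestPath, cookiePath) {
  return requestPath.startsWith(cookiePath);
}

// RFC 6265 section 5.1.3: the suffix must start at a label boundary (".").
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// RFC 6265 section 5.1.4: the prefix must end at a path segment boundary ("/").
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Build the Cookie request header from a jar of {name, value, domain, path}.
function cookieHeader(jar, url, matchDomain, matchPath) {
  const { hostname, pathname } = new URL(url);
  return jar
    .filter(c => matchDomain(hostname, c.domain) && matchPath(pathname, c.path))
    .map(c => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed cookie jar: one cookie scoped on boundaries, two that match only naively.
const jar = [
  { name: "sid", value: "abc", domain: "yyy.xxx.com", path: "/appl/script" },
  { name: "odd", value: "1", domain: "y.xxx.com", path: "/" },
  { name: "scr", value: "2", domain: "xxx.com", path: "/appl/scr" },
];
const requestUrl = "http://zzz.yyy.xxx.com/appl/script/php/calculus.php";
console.log(cookieHeader(jar, requestUrl, naiveDomainMatch, naivePathMatch));
console.log(cookieHeader(jar, requestUrl, domainMatch, pathMatch));
```

With plain substring comparison all three cookies are sent; with boundary-aware matching only the cookie whose domain and path end on a label and segment boundary is sent, which keeps a cookie from reaching hosts and directories it was not scoped to.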

