Adds a cookie to the current Response headers.

Cookies are used to store small pieces of persistent information for the server to remember users by. Typically these values should be kept very small and hold only key values to look up additional information about a user. Cookie space is limited in browsers and all applications running on a given site share the cookie space, so don't abuse use of it.

For more info on cookies and values you can look at the MDN topic on Set-Cookie.

Setting Simple Cookies without Options


There are additional parameters that allow you set expiration and cookie options, but if you need to set extra optoins we recommend you use the more comprehensive wwCookie parameter to set the options you need.

Using wwCookie to set complex cookies

The recommended way to add a cookie is:

loCookie = CREATEOBJECT("wwCookie")
loCookie.CookieName = "testvalue"
loCookie.Value = "NewValue"
loCookie.Expires = DATE() + 10
loCookie.SameSite = "None"
loCookie.Secure = .T.
loCookie.HttpOnly = .T.

* lcCookieVal = loCookie.ToString()  && returns the generated cookie text

Response.AddCookie(loCookie)   && add the Cookie to the current Response

Note that many of the properties are optional - only CookieName and Value are required. For more information on the values to set see that wwCookie class.

o.AddCookie(toCookie | 
            tlHttpOnly, tlSecure)


An instance of a wwCookie object with its values set.

The name of the Cookie to set.

The string value of the cookie

Optional - The Web server path to set the cookie on on. Default: / Note it's best to leave this set for the root folder (/) as there are problems in older browsers respecting pathed cookies properly.

Optional - Determines how long the cookie is valid. You can specify the expiration in one of these formats:

    * MimeDate format string: Sun, 28-Dec-2015 01:01:01 GMT * DateTime value of absolute expiration date/time * Number of seconds * `"NEVER"` (expires in 1 year)

If passed as empty (.F. or "") the cookie expires when the browser is shut down, which is the default browser behavior.

Optional domain name if you want to be explicit. You can also specifify .mydomain.com to set a cookie for all subdomains (ie. mydomain.com,www.mydomain.com,store.mydomain.com) etc. If not specified the domain of the current request is applied by the browser.

Sets the HttpOnly flag on a cookie. HttpOnly cookies cannot be accessed in client script and thus mitigate the risk of Cross Site Script attacks against cookie access from script. default: .T.

Sets the Secure flag on a cookie. default: .F.

See also:

Class wwPageResponse

© West Wind Technologies, 1996-2022 • Updated: 09/02/22
Comment or report problem with topic