Adds a cookie to the current Response headers.

Cookies are used to store small pieces of persistent information for the server to remember users by. Typically these values should be kept very small and hold only key values to look up additional information about a user. Cookie space is limited in browsers and all applications running on a given site share the cookie space, so don't abuse use of it.

For more info on cookies and values you can look at the MDN topic on Set-Cookie.

            tlHttpOnly, tlSecure,


The name of the Cookie to set.

The string value of the cookie

Optional - The Web server path to set the cookie on on. Default: / Note it's best to leave this set for the root folder (/) as there are problems in older browsers respecting pathed cookies properly.

Optional - Determines how long the cookie is valid. You can specify the expiration in one of these formats:

    * MimeDate format string: Sun, 28-Dec-2015 01:01:01 GMT * DateTime value of absolute expiration date/time * Number of seconds * `"NEVER"` (expires in 1 year)

If passed as empty (.F. or "") the cookie expires when the browser is shut down, which is the default browser behavior.

Optional domain name if you want to be explicit. You can also specifify .mydomain.com to set a cookie for all subdomains (ie. mydomain.com,www.mydomain.com,store.mydomain.com) etc. If not specified the domain of the current request is applied by the browser.

Sets the HttpOnly flag on a cookie. HttpOnly cookies cannot be accessed in client script and thus mitigate the risk of Cross Site Script attacks against cookie access from script.

Sets the Secure flag on a cookie.

If true adds the SameSite=strict option which prevents the cookie from getting sent or being accessible for cross-origin requests.

See also:

Class wwPageResponse

© West Wind Technologies, 1996-2019 • Updated: 03/06/19
Comment or report problem with topic