Vely logo install | documentation | examples | changelog
16.10.0 released May 10, 2023
set-cookie

Purpose: Set cookie.

set-cookie <cookie name>=<cookie value> \
    [ expires <expiration> ] \
    [ path <path> ] \
    [ same-site "Lax"|"Strict"|"None" ] \
    [ no-http-only [ <no-http-only> ] ] \
    [ secure [ <secure> ] ]

To set a cookie named <cookie name> to value <cookie value>, use set-cookie statement. A cookie can be set before or after sending out a header (see out-header). However a cookie must be set prior to outputting any actual response (such as with output_statement or p-out for example), or the program will error out and stop.

Cookie's <expiration> date (as a a string, see get-time) is given with "expires" clause. The default is session cookie meaning the cookie expires when client session closes.

Cookie's <path> is specified with "path" clause. The default is the URL path of the request_URL.

Whether a cookie applies to the same site is given with "same-site" clause along with possible values of "Lax", "Strict" or "None".

By default a cookie is not accessible to client scripting (i.e. "HttpOnly") -you can change this with "no-http-only" clause. That will be the case if "no-http-only" clause is used without optional bool expression <no-http-only>, or if <no-http-only> evaluates to true.

Use "secure" if a secure connection (https) is used, in order to specify this cookie is available only with a secure connection. That will be the case if "secure" is used without optional bool expression <secure>, or if <secure> evaluates to true.

Cookies are commonly used for session maintenance, tracking and other purposes. Use get-cookie and delete-cookie together with set-cookie to manage cookies.
Examples
To set a cookie named "my_cookie_name" to value "XYZ", that will go with the reply (back to the client, such as a browser) and expire in 1 year and 2 months from now, use:
get-time to define mytime year 1 month 2
char *my_cookie_value="XYZ";
set-cookie "my_cookie_name"=my_cookie_value expires mytime path "/" same-site "Lax"

A cookie that can be used by JavaScript (meaning we use no-http-only clause):
set-cookie "my_cookie_name"=my_cookie_value no-http-only

See also
Cookies ( delete-cookie   get-cookie   set-cookie  )  SEE ALL (documentation)


Copyright (c) 2017-2023 Dasoftver LLC