19.0.0 released Nov 08, 2023
Set cookie

Purpose: Set cookie.

set-cookie <cookie name>=<cookie value> \
    [ expires <expiration> ] \
    [ path <path> ] \
    [ same-site "Lax"|"Strict"|"None" ] \
    [ no-http-only [ <no-http-only> ] ] \
    [ secure [ <secure> ] ]

To set a cookie named <cookie name> to value <cookie value>, use set-cookie statement. A cookie can be set before or after sending out a header (see out-header). However a cookie must be set prior to outputting any actual response (such as with output-statement or p-out for example), or the program will error out and stop.

Cookie's <expiration> date (as a a string, see get-time) is given with "expires" clause. The default is session cookie meaning the cookie expires when client session closes.

Cookie's <path> is specified with "path" clause. The default is the URL path of the request-URL.

Whether a cookie applies to the same site is given with "same-site" clause along with possible values of "Lax", "Strict" or "None".

By default a cookie is not accessible to client scripting (i.e. "HttpOnly") -you can change this with "no-http-only" clause. That will be the case if "no-http-only" clause is used without optional bool expression <no-http-only>, or if <no-http-only> evaluates to true.

Use "secure" if a secure connection (https) is used, in order to specify this cookie is available only with a secure connection. That will be the case if "secure" is used without optional bool expression <secure>, or if <secure> evaluates to true.

Cookies are commonly used for session maintenance, tracking and other purposes. Use get-cookie and delete-cookie together with set-cookie to manage cookies.
Examples
To set a cookie named "my_cookie_name" to value "XYZ", that will go with the reply (back to the client, such as a browser) and expire in 1 year and 2 months from now, use:
get-time to define mytime year 1 month 2
char *my_cookie_value="XYZ";
set-cookie "my_cookie_name"=my_cookie_value expires mytime path "/" same-site "Lax"

A cookie that can be used by JavaScript (meaning we use no-http-only clause):
set-cookie "my_cookie_name"=my_cookie_value no-http-only

See also
Cookies
delete-cookie  
get-cookie  
set-cookie    
See all
documentation


You are free to copy, redistribute and adapt this web page (even commercially), as long as you give credit and provide a dofollow link back to this page - see full license at CC-BY-4.0. Copyright (c) 2019-2023 Dasoftver LLC. Vely and elephant logo are trademarks of Dasoftver LLC. The software and information on this web site are provided "AS IS" and without any warranties or guarantees of any kind. Icons from table-icons.io copyright Paweł Kuna, licensed under MIT license.