To set a cookie named <cookie name> to value <cookie value>, use set-cookie statement. A cookie can be set before or after sending out a header (see
out-header). However a cookie must be set prior to outputting any actual response (such as with
output_statement or
p-out for example), or the program will error out and stop.
Cookie's <expiration> date (as a a string, see
get-time) is given with
"expires" clause. The default is session cookie meaning the cookie expires when client session closes.
Cookie's <path> is specified with
"path" clause. The default is the URL path of the
request_URL.
Whether a cookie applies to the same site is given with
"same-site" clause along with possible values of
"Lax",
"Strict" or
"None".
By default a cookie is not accessible to client scripting (i.e.
"HttpOnly") -you can change this with
"no-http-only" clause.
Use
"secure" if a secure connection (https) is used, in order to specify this cookie is available only with a secure connection.
Cookies are commonly used for session maintenance, tracking and other purposes. Use
get-cookie and
delete-cookie together with set-cookie to manage cookies.
To set a cookie named
"my_cookie_name" to value
"XYZ", that will go with the reply (back to the client, such as a browser) and expire in 1 year and 2 months from now, use:
get-time to define mytime year 1 month 2
char *my_cookie_value="XYZ";
set-cookie "my_cookie_name"=my_cookie_value expires mytime path "/" same-site "Lax"
A cookie that can be used by JavaScript (meaning we use no-http-only clause):
set-cookie "my_cookie_name"=my_cookie_value no-http-only
