4 This gives a short overview about cookies in general and their
5 implementation in the CGI library in detail. The use of cookies is
6 described in two partially different ways. Netscape has released
7 their standard and an RFC (2109) has been filed from Bell Labs. Both
8 documents are found through "More Information".
13 The server initiates a session by sending a cookie to the client.
14 The server may transmit one or more cookies by using the additional
15 HTTP header "Set-Cookie" like
17 Set-Cookie: foo=bar; Version=1; Path=/foo; Domain=.foo.org
19 This cookie would only be available within any host that matches
20 *.foo.org. According to RFC 2109 * may not contain a dot, according
21 to Netscape's documentation it may. The client would only send the
22 cookie back to the server if the URL is within /foo on that server.
24 When more than one cookie are to be transmitted they are separated
25 with a comma. Attributes are separated with a semicolon.
27 If the current URL doesn't match the Path attribute or the hostname
28 doesn't match the Domain attribute, the client will ignore the
34 When the client requests a web page, it checks if the location is
35 within the scope of one or more cookies. If so it sends them, ordered
36 by the most matching one, like:
38 Cookie: $Version=1; foo=bar; $path=/; bar=foo; $path=/foo
40 Attributes belong to the most left name=value pair. Attributes
41 specified before such a pair are valid for all subsequent cookies.
46 Cookie ::= <header> ":" <attr> *( ";" <attr> )
47 <header> ::= "Cookie" | "Set-Cookie"
48 <attr> ::= <attr-name> [ "=" <value> ]
49 <attr-name> ::= <token>
50 <value> ::= <token> | <quoted-string>
51 <token> ::= sequence of non-special, non-white space characters
53 Attribut names (<attr-name>) are case-insensitive. Spaces may be
54 used between tokens and within attribute values. Some attributes
55 don't require a value.
57 The Set-Cookie header uses these attributes:
59 <cookie> ::= NAME "=" VALUE *( ";" <attr> ) # required
60 <attr> ::= "Comment" "=" value # optional
61 | "Domain" "=" value # optional
62 | "Max-Age" "=" value # optional
63 | "Path" "=" value # optional
65 | "Version" "=" 1*DIGIT # required
67 Apart from the cookie itself as NAME "=" VALUE the Cookie header as
68 sent by the client uses only $Version, $Path and $Domain which are
69 both optional. The value of the Version attribute must be the value
70 from the Version attribute, if any, of the corresponding Set-Cookie
73 <cookie> ::= <version> *( ( ";" | "," ) <cookie-value> )
74 <cookie-value> ::= NAME "=" VALUE [";" <path>] [";" <domain>]
75 <path> ::= "$Path" "=" value
76 <domain> ::= "$Domain" "=" value
78 Note: For backward compatibility, the separator in the Cookie
79 header is semi-colon (;) everywhere. A server should also accept
80 comma (,) as the separator between cookie-values for future