Restricting Access with Cookie Attributes

When a Web server adds a Set-Cookie response header to the HTTP response, it includes additional information about the access restrictions for the cookie. To further discuss this point, this section introduces two example uses of the Set-Cookie response header:

Set-Cookie: first_name=chris; domain=.httphandbook.org; 
            expires=Tue, 21 May 2002 12:34:56 GMT; path=/; secure 

Set-Cookie: first_name=chris 

In the first example, the server is asking the Web client to store a cookie called first_name with a value of chris. The rest of the attributes provide additional information about the access restrictions to be imposed on this cookie. Breaking down each additional attribute (the list of attributes is delimited ...
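The effect of these attributes can be seen by modelling the client's decision about whether to return the cookie on a later request. The following is an added example, not code from the book: it parses the two headers shown above and applies the matching rules of RFC 6265 in simplified form. The setting URL (ORIGIN) and the function names are assumptions made for illustration.

```python
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# The two header values from the text; ORIGIN is a constructed setting URL.
FIRST = ("first_name=chris; domain=.httphandbook.org; "
         "expires=Tue, 21 May 2002 12:34:56 GMT; path=/; secure")
SECOND = "first_name=chris"
ORIGIN = "http://www.httphandbook.org/shop/cart"

def parse_set_cookie(header_value, origin_url):
    """Parse one Set-Cookie value received from origin_url into a dict."""
    origin = urlsplit(origin_url)
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    # Defaults when attributes are absent: host-only, session lifetime,
    # path = directory of the setting URL, sent over any scheme.
    default_path = origin.path[: origin.path.rfind("/")] or "/"
    cookie = {"name": name, "value": value, "domain": origin.hostname,
              "host_only": True, "path": default_path,
              "expires": None, "secure": False}
    # Storage-time checks (such as rejecting a Domain the origin does not
    # belong to) are omitted from this sketch.
    for attr in parts[1:]:
        key, _, val = (s.strip() for s in attr.partition("="))
        key = key.lower()
        if key == "domain" and val:
            cookie.update(domain=val.lstrip(".").lower(), host_only=False)
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
        elif key == "expires":
            cookie["expires"] = parsedate_to_datetime(val)
        elif key == "secure":
            cookie["secure"] = True
    return cookie

def would_send(cookie, request_url, now):
    """Return True if a client would attach the cookie to request_url."""
    url = urlsplit(request_url)
    host, dom = (url.hostname or "").lower(), cookie["domain"]
    domain_ok = host == dom or (not cookie["host_only"]
                                and host.endswith("." + dom))
    path, cpath = url.path or "/", cookie["path"]
    # Prefix match on a "/" boundary, so /shop does not cover /shopping.
    path_ok = path == cpath or (path.startswith(cpath) and
                                (cpath.endswith("/") or path[len(cpath)] == "/"))
    fresh = cookie["expires"] is None or now < cookie["expires"]
    scheme_ok = url.scheme == "https" or not cookie["secure"]
    return domain_ok and path_ok and fresh and scheme_ok
```

With no attributes, the second header yields the narrowest scope (only the setting host, only under its directory) but no transport restriction, while the first widens the domain scope to every subdomain and relies on secure and expires to limit exposure.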
