HTML and CSS Reference
In-Depth Information
method, which returns URL encoding for a string, acceptable to the browser. (See the
section “Assigning Cookie Attributes” on page 702.)
Expiration Date.
The cookie normally expires when the current browser session
ends, which gives it little value, but you can specify an expiration date that will let it
persist, by using the following format:
FORMAT
;expires=Weekday, DD-MON-YY HH:MM::SS GMT
EXAMPLE
;expires= Friday, 15-Mar-04 12:00:00 GMT
The day of the week is specified by
Weekday
, the day of the month by
DD
, the first
three letters of the month by
MON
, and the last two numbers of the year by
YY
(e.g.,
03
or
04
). The hour, minutes, and seconds are specified in
HH:MM:SS
and the GMT time
zone is always used. Some cookies last for days, but it's possible for them to even last for
years. It's up to the designer to decide how long a cookie should live. If sensitive infor-
mation is contained in a cookie, setting the expiration date also can limit a potential
attacker from intercepting the cookie as it is transported back and forth across the net-
Once the cookie has expired it is called stale and is automatically destroyed.
Domain Name.
The domain name, not commonly used, specifies a general domain
name to which the cookie should apply. Each cookie has a domain and a path, if not set,
the page that set the cookie. The domain tells the browser to which domain the cookie
should be sent. The purpose of setting the domain is to allow cookies to cross sub-
domains; it allows the cookie to be shared among multiple servers instead of just the one
you're on. If you don't use the full
http://domain
syntax, then a leading dot must precede
the domain name.
FORMAT
; domain=.domain_name
; domain=http://somedomain.com
EXAMPLE
; domain=.kajinsky.com
; domain=http://kajinksy.com
