otsukare Thoughts after a day of work

Production of Cookies for Web Developers

Some cookies are really bad for your health and you have to be careful when you cook them. A very simple cookie looks like that when the server sends it to the client:

Set-Cookie: cookieName=cookieValue

but more often it will looks like this

Set-Cookie: cookieName=cookieValue; Path=/;

Sometimes they will contain an Expire date.

Set-Cookie: cookieName=cookieValue; Expires=Wed, 09 Jun 2021 10:18:14 GMT

Cookies are defined in the specification 2695 and now in the specification HTTP State Management Mechanism currently written by Adam Barth. The production rules for the servers are strict and defined in the section 4.1. Set-Cookie.

These are a set of rules you have to check when you are coding either javascript or your Web framework to produce cookies.

Then optionally you can add

Just a little reminder because this morning I stumbled across a cookie which was badly defined on a Website:

Set-Cookie: {$aaa|xxx:"zzz"}=foo

the characters {, }, " and : are forbidden here.