The JSP Files (part 6): State Of Grace - A Few Ground Rules
Since cookies are used to record information about your activities on a
particular site, they can only be read by the site that created them. For
example, Yahoo and Deja.com store your username in a cookie on your hard
drive and use this information to automatically fill in log-in forms the
next time you visit their Web sites. It's kinda like going to a chic
restaurant, and having the maitre d' call you by name (something which
hasn't happened to us of late!).
Before getting into the nitty-gritty of cookie technology, a few ground
rules are in order:
1. A single domain cannot set more than twenty cookies. A single cookie
cannot exceed 4 KB in size. The maximum number of cookies that may be set
is 300.
2. The most common method of transmitting a cookie to a client is via the
"Set-Cookie" HTTP header.
3. A cookie usually possesses five types of attributes.
The first of these is a NAME=VALUE pair, used to store information such as
a username, email address or credit-card number. The NAME is a string used
to identify the cookie, while the VALUE is the data to be stored in the
cookie. For example,
clarkkent=superman
The EXPIRES attribute defines the date on which the cookie is automatically
removed from the system. The date must be in the format "weekday, dd-mon-yy
hh:mm:ss GMT". For example,
expires="Sun, 31-Dec-2030 17:51:06 GMT"
Cookies without a specifically defined expiry date remain active for so
long as the browser remains open, and are destroyed once the browser is
closed. You can delete an existing cookie by setting this attribute to a
date in the past.
The PATH attribute is used to set the top-level directory on the Web server
from which cookies can be accessed. In most cases, this is set to
path=/
to ensure that the cookie can be accessed by each and every document on the
server.
The DOMAIN attribute is used to specify the domain which the cookie is
linked to, and the SECURE attribute indicates that a cookie should only be
set if there exists a secure protocol between the browser and the server.
4. Of the five attributes, the first is the only one that is not
optional.
5. Every good browser offers users the option to disable cookies. If a user
decides to exercise his or her right to do so, your cookies will not be
stored, and any attempt to access them will fail. Users who do this are
usually career criminals or tax evaders.
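
As an added example (not code from the original article), the following plain-Java class assembles a "Set-Cookie" header value from the five attributes listed above, enforcing rules 1 and 4 and rejecting field values that could add extra attributes or start a new header line. The class and method names are hypothetical, and applying the 4 KB check to NAME=VALUE only is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Locale;

// Added example; class and method names are hypothetical.
public class SetCookieHeader {
    // The page's "weekday, dd-mon-yy hh:mm:ss GMT", with a four-digit year as in its example.
    private static final DateTimeFormatter EXPIRES =
        DateTimeFormatter.ofPattern("EEE, dd-MMM-yyyy HH:mm:ss 'GMT'", Locale.ENGLISH);
    private static final int MAX_BYTES = 4096; // rule 1; measured over NAME=VALUE (assumption)

    // Reject separators, whitespace and control characters (CR/LF included) so a
    // field cannot add attributes or start a new header line.
    private static String clean(String s) {
        if (!s.matches("[^;,\\s\\p{Cntrl}]*"))
            throw new IllegalArgumentException("illegal character in cookie field");
        return s;
    }

    static String build(String name, String value, ZonedDateTime expires,
                        String path, String domain, boolean secure) {
        // Rule 4: NAME=VALUE is the only attribute that is not optional.
        if (name == null || !name.matches("[A-Za-z0-9_.-]+") || value == null)
            throw new IllegalArgumentException("a valid NAME=VALUE pair is required");
        StringBuilder h = new StringBuilder(name).append('=').append(clean(value));
        if (h.toString().getBytes(StandardCharsets.UTF_8).length > MAX_BYTES)
            throw new IllegalArgumentException("cookie exceeds 4 KB");
        if (expires != null)
            h.append("; expires=")
             .append(EXPIRES.format(expires.withZoneSameInstant(ZoneOffset.UTC)));
        if (path != null)   h.append("; path=").append(clean(path));
        if (domain != null) h.append("; domain=").append(clean(domain));
        if (secure)         h.append("; secure");
        return h.toString();
    }
    // Deletion as described above: re-send the cookie with an expiry date in the
    // past (the path must match the one the cookie was originally set with).
    static String delete(String name, String path) {
        ZonedDateTime past = ZonedDateTime.of(1970, 1, 1, 0, 0, 0, 0, ZoneOffset.UTC);
        return build(name, "", past, path, null, false);
    }
    public static void main(String[] args) {
        // Name, value and date taken from the article's own examples.
        ZonedDateTime when = ZonedDateTime.of(2030, 12, 31, 17, 51, 6, 0, ZoneOffset.UTC);
        System.out.println("Set-Cookie: " + build("clarkkent", "superman", when, "/", null, true));
        System.out.println("Set-Cookie: " + delete("clarkkent", "/"));
    }
}
```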