What language specifically are you looking for? The concept behind cookies is simple, but the various implementations of interacting with them can be a bit different from language to language. Are you looking for javascript, php, Java, C#, ...?
Oh, well I'm not really too concerned with language specific handling, actually. More conceptual and network details. Stuff like
* header format and available fields (for Set-Cookie and Cookie headers) * what determines exactly which URIs a Cookie shall be sent to * sending via http only, http-s only, both http and http-s * cookies set for domains that are different from the originating URI
I actually found some decent info here that I'm going to read through. Also found the RFC! Apparently it's already deprecated for Set-Coookie2, does anyone use that??
Bonus: * javascript (and similar) cookies - how does that work? Obviously not sent in Set-Cookie header, I guess it is expected that it's implemented in the browser as part of the javascript stack to write the cookie?
Headers: I don't know the specifics of how the cookies are defined as headers in an http request. I do know that you don't get to specify an encoding, so there is the potential for ickiness if you get into special characters
URIs: Cookies are sent with both GET and POST requests to domains that match the set domain and optional path portion of the cookie.
HTTP vs HTTPS: They both get the cookies (unless secure has been set).
Domains: You can't read or write a cookie for a domain that is different from the responding URI.
Javascript: Cookies are manipulated as a semi-colon delimited string that gets parsed by the browser and sent as normal cookies as part of any GET or POST request that matches the domain/path and security settings of the cookie. So that javascript stack is directly manipulating the list of cookies based upon the colon-delimited string specified as document.cookie.
Sweet! I knew it was super simple and I could understand everything I needed to know in less than an hour if only I could just find it. :) The 'secure' flag answers one of the key things I was worried about and not sure could be handled right.
How weird the world works. MSDN is actually a useful place for info now. here is a link to MSDN's version of the page you found, but has links to other WinINet methods that go into the subsequent routines giving more info on the data migration and codification.
Comments 5
Reply
* header format and available fields (for Set-Cookie and Cookie headers)
* what determines exactly which URIs a Cookie shall be sent to
* sending via http only, http-s only, both http and http-s
* cookies set for domains that are different from the originating URI
I actually found some decent info here that I'm going to read through. Also found the RFC! Apparently it's already deprecated for Set-Coookie2, does anyone use that??
Bonus:
* javascript (and similar) cookies - how does that work? Obviously not sent in Set-Cookie header, I guess it is expected that it's implemented in the browser as part of the javascript stack to write the cookie?
Reply
document.cookie.
Reply
Reply
Reply
Leave a comment