What is a cookie?
A cookie is a chunk of information that you're allowed to save on a client computer.
Normally, for security reasons, you are not allowed access to computers that visit your web page. However, cookies are an exception that allow you to save information on someone's computer in a structured and somewhat limited fashion.
What does a cookie look like?
A cookie consists of a "name=value" pair, such as
USER_ID = 1234
In this case, the cookie is named 'USER_ID', and the value is '1234'.
You can also save information about the cookie, such as
[tab]The cookie's expiration date and time
[tab]The valid domain for the cookie
[tab]The valid server path for the cookie
[tab]Whether or not to use a secure channel for the cookie
A fully specified cookie looks something like this:
TEST_COOKIE=Famous%20Amos; domain=.mydomain.com; path=/; expires=Sat, 11-Mar-2000 22:52:37 GMT; secure
Cool. Now that you know what a cookie looks like, the next step is to show you how to set and get them from your scripts. Don't worry, its easy.
set_cookie
[tab]set_cookie steps through the cookie associative array and sets what ever name/value pairs it finds. This means, in order to set a cookie you have to do something like this:
[tab]$cookie{'color'} = blue;
[tab]&set_cookie($expiration,$domain,$path,$secure);
The arguments are as follows:
[tab]$expiration
[tab]Expiration date of the cookie, expressed in unix time format (seconds since Jan 1, 1970).
[tab]All expiration dates are in Greenwich Mean Time. (Keep this in mind.)
[tab]If you don't want to set any expiration, then use $expiration = "-1".
[tab]If you want a "permanent" cookie (it lasts until 12/31/1998) then set $expiration = ""
[tab]$domain
[tab]Domain that the cookie data can be sent back to. Ordinarily you would leave this blank or
[tab]$domain = "". This allows only you to read the cookie.
[tab]$path
[tab]Any file contained within $path (and it's subdirectories) can retreive the data contained within the cookie. For all pages on your server use "/", however in case of a subdirectory "/subdirectory".
[tab]$secure
[tab]Secure can either be equal to 0 or 1. If it's not a secure cookie, you can either leave it out, or $secure = 0. If for some reason you want to use secure cookies, set $secure = 1.
Set_cookie must be called before you print "Content-type:
text/html\n\n";
[tt]sub set_cookie {
# $expires must be in unix time format, if defined. If not defined it sets the expiration to December 31, 1999.
# If you want no expiration date set, set $expires = -1 (this causes the cookie to be deleted when user closes
# his/her browser).
local($expires,$domain,$path,$sec) = @_;
local(@days) = "Sun","Mon","Tue","Wed","Thu","Fri","Sat"
;
local(@months) = ("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"
;
local($seconds,$min,$hour,$mday,$mon,$year,$wday) = gmtime($expires) if ($expires > 0); #get date info if expiration set.
$seconds = "0" . $seconds if $seconds < 10; # formatting of date variables
$min = "0" . $min if $min < 10;
$hour = "0" . $hour if $hour < 10;
local(@secure) = ("","secure"
; # add security to the cookie if defined. I'm not too sure how this works.
if (! defined $expires) { $expires = " expires\=Fri, 31-Dec-1999 00:00:00 GMT;"; } # if expiration not set, expire at 12/31/1999
elsif ($expires == -1) { $expires = "" } # if expiration set to -1, then eliminate expiration of cookie.
else {
$year += 1900;
$expires = "expires\=$days[$wday],
$mday-$months[$mon]-$year $hour:$min:$seconds GMT; "; #form expiration from value passed to function.
}
if (! defined $domain) { $domain = $ENV 'SERVER_NAME'}; } #set domain of cookie. Default is current host.
if (! defined $path) { $path = "/"; } #set default path = "/"
if (! defined $secure) { $secure = "0"; }
local($key);
foreach $key (keys %cookie) {
$cookie{$key} =~ s/ /+/g; #convert plus to space.
print "Set-Cookie: $key\=$cookie{$key};
$expires path\=$path; domain\=$domain; $secure[$sec]\n";
#print cookie to browser,
#this must be done *before* you print any content type headers.
}
}[/tt]
get_cookie
get_cookie reads the cookies set to the script by the browser. All cookie information is available though the environmental variable HTTP_COOKIE.
To read the cookies, simply call the subroutine "get_cookie" from anywhere in your script.
Cookies are stored in an associative array like so:
[tab][tt]$cookie{name} = value[/tt]
[tt]sub get_cookie {
local($chip, $val);
foreach (split(/; /, $ENV{'HTTP_COOKIE'})) {
# split cookie at each; (cookie format is name=value; name=value; etc...)
# Convert plus to space (in case of encoding (not necessary, but recommended)
s/\+/ /g;
# Split into key and value.
($chip, $val) = split(/=/,$_,2); # splits on the first =.
# Convert %XX from hex numbers to alphanumeric
$chip =~ s/%([A-Fa-f0-9]{2})/pack("c",hex($1))/ge;
$val =~ s/%([A-Fa-f0-9]{2})/pack("c",hex($1))/ge;
# Associate key and value
$cookie{$chip} .= "\1" if (defined($cookie{$chip})); # \1 is the multiple separator
$cookie{$chip} .= $val;
}
}[/tt]
