HTTP_COOKIE

The HTTP_COOKIE element contains any HTTP cookie definitions for an application.

The main goal of cookies is to keep a state, through session variables, between two runs of an application by the same user. The number of cookies associated with an application should be constant.

Syntax

  <HTTP_COOKIE Id="cid" [Expires="endTime" | Domain="mydomain" | 
   Secure="TRUE|FALSE" | HttpOnly="TRUE|FALSE" | SameSite="STRICT|LAX|NONE]>
    <VARIABLE Id="varId">val</VARIABLE> [...]
    <CONSTANT Id="cstId">cst</CONSTANT> [...]
  <HTTP_COOKIE> [...]

Syntax notes

The HTTP_COOKIE element takes a mandatory Id attribute and five optional attributes: Expires, Domain, Secure, HttpOnly, and SameSite.

  1. cid is the cookie name.
  2. The Expires attribute specifies the cookie expiration date. endTime is cookie expiration in "Wdy, DD-Mon-YYYY HH:MM:SS GMT" format. You can set a relative date with "+X" or "X", where X represent a number of seconds. "X" will fix the cookie date only at the creation time and "+X" will regenerate a new date for the cookie on each HTTP request. The Expires attribute is optional.
  3. The Domain attribute restricts the cookie to a specified domain. mydomain is the domain name the cookie is restricted to. The Domain attribute is optional.
  4. When set to TRUE, the Secure attribute restricts the cookie to secured connections (HTTPS) only. Valid values are TRUE or FALSE. The Secure attribute is optional.
  5. When set to TRUE, the HttpOnly attribute disables the cookie access from client-side scripting languages, such as JavaScript, running in a browser. Valid values are TRUE or FALSE. The HttpOnly attribute is optional.
  6. The SameSite attribute determines whether the cookie is restricted to a same-site context. Valid values are:

    The SameSite attribute is optional. The default value is Lax.

  7. varId is the variable name and val its value.
  8. cstId is the constant name and cst its value.

Child elements

The HTTP_COOKIE element may contain the following child elements, defined by a mandatory identifier and an optional value.:

  1. Zero to many CONSTANT elements
  2. Zero to many VARIABLE elements

Example

<!-- secure persistent cookie with default variable value and constant value -->
<HTTP_COOKIES>
  <HTTP_COOKIE Id="cookie3" Expires="Wdy, DD-Mon-YYYY HH:MM:SS GMT" 
   Domain="www.domain.com" Secure="TRUE" HttpOnly="TRUE">
    <VARIABLE Id="var7" />
    <VARIABLE Id="var8">Initial value</VARIABLE>
    <CONSTANT Id="constant1">A value</CONSTANT>
  </HTTP_COOKIE>
</HTTP_COOKIES>

For more information on HTTP cookies, see the Session Variables and Cookies page.

Parent elements

This element is a child of one of the following elements: