What is a Cookie?
Cookie: A small amount of information sent by a Web server to a Web browser, saved by the browser, and sent back to the server later. Cookies are transmitted inside the HTTP header.
Cookies move from server to browser, and back to server as follows:
Web Web Local Web Web Server Browser System Browser Server
Send Receive Save Send back Receive cookies --> cookies --> cookies --> cookies --> cookies
As you can see from the diagram, cookies are actually saved to the hard disk of Web browser user's machines. Many users are concerned about this. But I think it is pretty save to allow your browser to save cookies.
If you are really concerned, you can change your browser's settings to reject cookies. But this may cause many Web based applications fail to run on your browser.
Sending and Receiving Cookies
Sending cookies to the browser can be done by using the response.cookies collection object. You can add new items to this collection easily.
set c = response.Cookies c.Item(name) = value 'Adding or replacing a value with a name. c(name) = value 'Same as above - short-hand form c.Add value, name 'Same as above c.Remove(name) 'Removing a name and its value
Receiving cookies from the browser can be done using the request.Cookies collection object. This is a read-only collection object.
set c = request.Cookies
value = c.Item(name) 'Returning the value of the specified item.
value = c(name) 'Same as above - short-hand form.
for each n in c 'Iterating by name
v = c(n)
next
Here is program to demonstrate how to use those collection objects:
<script language="vbscript" runat="server">
' cookie_test.asp
' Copyright (c) 2002 by Dr. Herong Yang
' This ASP page displays all the cookies received by the server.
'
response.write("<html><body>")
' Displaying all the cookies
response.write("<b>Cookies received at this time:</b>:<br/>")
set c = request.Cookies
response.write("Cookies.Count = " & c.Count & "<br/>")
for each n in c
response.write( n & " = " & c(n) & "<br/>")
next
response.write("<b>Cookie added by the server:</b><br/>")
n = "Cookie_" & (c.Count+1)
v = "Value_" & (c.Count+1)
response.write( n & " = " & v & "<br/>")
response.cookies(n) = v
response.write("</body></html>")
</script>
So I opened this page with IE, I got:
Cookies received at this time:: Cookies.Count = 0 Cookie added by the server: Cookie_1 = Value_1Then I clicked the refresh button on the IE window, I got:
Cookies received at this time:: Cookies.Count = 1 Cookie_1 = Value_1 Cookie added by the server: Cookie_2 = Value_2What happened here was that when I requested the page the first time, the server received no cookie from the browser's request. But this page added one cookie named as "Cookie_1" to the response. So my browser has one cookie now.
When I clicked the refresh button, my browser requested this page again with this cookie. Now the server received one cookie from the request. But this page added another cookie as "Cookie_2" to the response. So my browser has two cookies now.
If I keep clicking the refresh button, more and more cookies would be added to the request and response. But there is a limit. The browser will only take up to 20 cookies from one Web server.
Cookie Properties and Itemized Values
The cookie collection actually stores cookie objects, not just a named value. I don't have a full description of the cookie object (class), but I know a number properties of the cookie object.
- respones.cookie(n).Expires: A property to set the expiration date of this cookie. If the expiration date is set, this cookie will be persisted to browser's local file system. Date format should be like "response.cookie(n).Expires = #12/31/2029 00:00:00#". Default is to expire immediately when the browser closes.
- response.cookie(n).Domain: A property to define the domain name. When the browser is requesting a page from a server in that domain, it should send this cookie to the server.
- response.cookie(n).Path: A property to define the path name. When the browser is requesting a page within that path name, it should send this cookie to the server.
- response.cookie(n).Item(k): A method to add a value as an keyed item into this cookie.
- request.cookie(n).Item(k): A method to return a value of an keyed item from this cookie.
- request.cookie(n).hasKeys: A property returns true if this cookie has pairs of keys and values.
Here is an ASP page to illustrate these special features:
<script language="vbscript" runat="server">
' special_cookies.asp
' Copyright (c) 2002 by Dr. Herong Yang
' This ASP page sends and receives some special cookies.
'
response.write("<html><body>")
' Displaying all the cookies
response.write("<b>Cookies received at this time:</b>:<br/>")
set c = request.Cookies
response.write("Cookies.Count = " & c.Count & "<br/>")
for each n in c
response.write(n & " = " & c(n) & "<br/>")
if c(n).hasKeys then
for each k in c(n)
response.write(n&".Item("&k&") = " & c(n).Item(k) & "<br/>")
next
end if
next
response.write("<b>Adding a persistent cookie:</b><br/>")
n = "Cookie_" & (c.Count+1)
v = "Value_" & (c.Count+1)
response.write( n & " = " & v & "<br/>")
response.cookies(n) = v
response.cookies(n).expires = #12/31/2029 00:00:00#
response.write("<b>Adding a persistent cookie with domain:</b><br/>")
n = "Cookie_d_" & (c.Count+1)
v = "Value_d_" & (c.Count+1)
response.write(n & " = " & v & "<br/>")
response.cookies(n) = v
response.cookies(n).expires = #12/31/2029 00:00:00#
response.cookies(n).domain = "localhost/"
response.write("<b>Adding a persistent cookie with keys:</b><br/>")
n = "Cookie_p_" & (c.Count+1)
k = "Cookie_c_1_" & (c.Count+1)
v = "Value_c_1_" & (c.Count+1)
response.write(n& ".Item("&k&") = " & v & "<br/>")
response.cookies(n).Item(k) = v
k = "Cookie_c_2_" & (c.Count+1)
v = "Value_c_2_" & (c.Count+1)
response.write(n&".Item("&k&") = " & v & "<br/>")
response.cookies(n)(k) = v
response.cookies(n).expires = #12/31/2029 00:00:00#
response.write("</body></html>")
</script>
Request this ASP page, special_cookies.asp, with IE, you will get:
Cookies received at this time:: Cookies.Count = 0 Adding a persistent cookie: Cookie_1 = Value_1 Adding a persistent cookie with domain: Cookie_d_2 = Value_d_2 Adding a persistent cookie with keys: Cookie_p_3.Item(Cookie_c_1_3) = Value_c_1_3 Cookie_p_3.Item(Cookie_c_2_4) = Value_c_2_4
Now click at your IE "Tools" menu and select "Internet Options...". Click the "Settings..." button in the "Temporary Internet files" section of the "General" tab. You will see where is your "Temporary Internet files folder". Go to that folder, you will see a cookie file named something like "Cookie:user@localhost/". Double click on that file, you should be able to open this file in notepad:
Cookie%5Fp%5F3 Cookie%5Fc%5F2%5F4=Value%5Fc%5F2%5F4&Cookie%5Fc%5F1%5F3=Value%5Fc%5F1%5F3 localhost/ 1024 1584531456 31520289 2345072944 29563936 * Cookie%5F1 Value%5F1 localhost/ 1024 1584531456 31520289 2345672944 29563936 *
If you click the IE refresh button, you will get the following in the IE window:
Cookies received at this time:: Cookies.Count = 2 Cookie_p_3 = Cookie%5Fc%5F1%5F3=Value%5Fc%5F1%5F3&Cookie%5Fc%5F2%5F4=V... Cookie_p_3.Item(Cookie_c_1_3) = Value_c_1_3 Cookie_p_3.Item(Cookie_c_2_4) = Value_c_2_4 Cookie_1 = Value_1 Adding a persistent cookie: Cookie_3 = Value_3 Adding a persistent cookie with domain: Cookie_d_4 = Value_d_4 Adding a persistent cookie with keys: Cookie_p_5.Item(Cookie_c_1_5) = Value_c_1_5 Cookie_p_5.Item(Cookie_c_2_6) = Value_c_2_6
To prove that the cookies are really persisted, close your IE browser. And run it again to request the same ASP page, special_cookies.asp, you will get:
Cookies received at this time:: Cookies.Count = 4 Cookie_p_3 = Cookie%5Fc%5F1%5F3=Value%5Fc%5F1%5F3&Cookie%5Fc%5F2%5F4=V... Cookie_p_3.Item(Cookie_c_1_3) = Value_c_1_3 Cookie_p_3.Item(Cookie_c_2_4) = Value_c_2_4 Cookie_p_5 = Cookie%5Fc%5F1%5F5=Value%5Fc%5F1%5F5&Cookie%5Fc%5F2%5F6=V... Cookie_p_5.Item(Cookie_c_1_5) = Value_c_1_5 Cookie_p_5.Item(Cookie_c_2_6) = Value_c_2_6 Cookie_1 = Value_1 Cookie_3 = Value_3 Adding a persistent cookie: Cookie_5 = Value_5 Adding a persistent cookie with domain: Cookie_d_6 = Value_d_6 Adding a persistent cookie with children: Cookie_p_7.Item(Cookie_c_1_7) = Value_c_1_7 Cookie_p_7.Item(Cookie_c_2_8) = Value_c_2_8
From this tutorial, we have learned:
- Cookies will be persisted into a file, if you set the expiration date.
- Cookie expiration dates must be within Jan 1, 1980 and Jan 19, 2038. This is weird.
- This cookie file is not so easy to read. But you can still figure out some information. Of course, "%5F" represents "_".
- Cookie names can not have space characters.
- The default domain of a cookie is the domain from where it come from. In our tutorial, all cookies are come from localhose/, so they all have this domain name, when persisted into the cookie file.
- My statement 'response.cookies(n).domain = "localhost/"' is not working. Cookies defined with this statement were ignored by the IE browser.
- IE browser only takes 20 cookies from one Web server.
- IE browser can only support up to 300 cookies.
- Each cookie is limited to 4 KB in size.
- The cookie(n).Item(k) method is the default method, so it can be simplified as cookie(n)(k).
- Cookies with itemized values are just regular cookie with a special value format of "key=value&key=value...".
Some Other Cookie Definitions
A persistent cookie is one stored as a file on your computer, and it remains there when you close Internet Explorer. The cookie can be read by the Web site that created it when you visit that site again.
A temporary or session cookie is stored only for your current browsing session, and is deleted from your computer when you close Internet Explorer.
A first-party cookie either originates on or is sent to the Web site you are currently viewing. These cookies are commonly used to store information, such as your preferences when visiting that site.
A third-party cookie either originates on or is sent to a Web site different from the one you are currently viewing. Third-party Web sites usually provide some content on the Web site you are viewing. For example, many sites use advertising from third-party Web sites and those third-party Web sites may use cookies. A common use for this type of cookie is to track your Web page use for advertising or other marketing purposes. Third-party cookies can either be persistent or temporary.
discuss this topic to forum
