HTML 4.0 Sourcebook:Data Processing on an HTTP Server

To access the contents, click the chapter and section titles.

HTML 4.0 Sourcebook
(Publisher: John Wiley & Sons, Inc.)
Author(s): Ian S. Graham
ISBN: 0471257249
Publication Date: 04/01/98

Table of Contents

State Preservation by Hidden Elements

There are two ways to use TYPE=“hidden” INPUT (“hidden,” for short) elements to preserve state information. First, the gateway program can place all the data received from the client inside “hidden” elements returned with the FORM used for the next stage of a transaction. Then, the subsequent access to a server resends the data from the previous interaction(s), since all the data are preserved in the “hidden” elements. The second method is to create a temporary file on the server and store the transaction data within this file. In this case, the gateway program need only return a single “hidden” element containing the name of this temporary file, so that the gateway program, on subsequent requests, is told where to find the state information. This reduces the amount of data that must be sent from client to server (and back again), but also means that the gateway programs must carefully manage these temporary files. For example, many remote users may not complete the transaction, which will leave temporary files in place unless there are auxiliary routines for deleting “stale” entries.

State Preservation by Netscape Cookies

The “hidden” form element mechanism works, but is not ideal. Problems arise if a user does not move through the sequence exactly as planned and in a single session. For example, a user might get halfway through a process, shut off his or her computer and go home, hoping to resume the next morning. This is not possible with “hidden” form elements, since all the state information is lost when the browser is turned off.

As a partial solution to this problem, Netscape introduced a mechanism commonly known as Netscape cookies. The idea behind cookies is to have the browser store, on its local hard disk, specific state information sent by the server. In a sense, this is like storing “hidden” element data, but outside the document and in such a way that they can be retrieved whenever needed. The cookie content is then sent to the server, as part of the HTTP request header, when appropriate.

Cookies are sent to a browser using a Set-Cookie HTTP response header field or fields (the server can send multiple cookies in a single transaction). In turn, the browser sends cookies to a server using a Cookie HTTP request header field.

Putting a Cookie on the Browser

An HTTP server places cookie information on a browser by sending a special Set-Cookie HTTP response header field—which is often returned by CGI programs within a server directive. The Set-Cookie field contains the cookie content as a name/value pair and can also contain information explaining when the cookie will no longer be valid (expires), the Internet domain for which the cookie is valid (domain), and the path portion of the URL within this domain for which the cookie is valid (path).

Cookie Parameter Values

The general form of a Set-Cookie header field is:

Set-Cookie:  name=value; expires= date; path= val_path; domain= dom_nam; secure


Table 10.4 Definition of Parameters for Set-Cookie Fields
name= value (mandatory)	This mandatory parameter specifies the name and value for the cookie. Both name and value must be strings of printable ASCII characters and cannot contain semicolons (;), commas (,) or space characters. There is no encoding mechanism specified for cookies. Both the name and value are arbitrary, given the above restrictions. The similarity to the name and value portions of a form INPUT element is intentional.
domain= domain.name (optional)	This parameter specifies the Internet domain for which the cookie is valid and to which the cookie content can be sent. This can be a subdomain, for example .java.utoronto.ca, in which case the valid domains will be any domain names ending in this string. For domain names ending in country codes (e.g., .ca, .us—see Appendix E, “Tags for Idenfity Languages”, available from the companion Web site at www.wiley.com/compbooks/graham), the subdomain specification must contain at least three periods, as in this example. In the case of the special top-level domains .com, .edu, .net, .org, .gov, .mil, and .int, only two periods are needed. Thus an example subdomain specification would be .netscape.com.
	The server sending the Set-Cookie request must reside in the domain specified by the domain parameter. Thus the machine home.netscape.com can specify domain=.netscape.com, while the machine smaug.java.utoronto.ca cannot.
	If not specified, the default value is the full domain name for the server sending the Set-Cookie request.
path= valid/path (optional)	Specifies the set of URLs at the allowed domain(s) for which the cookie is valid.
	If not specified, the default value is the URL path to the resource being returned with the Set-Cookie header.
expires= time_date (optional)	Sets the date at which the cookie expires and should be deleted. The allowed value is a date string of the format
	Day, dd-Mon-yyyy hh:mm:ss GMT
	or any of the date formats described at the end of Chapter 9. If absent, the cookie expires when the user exits the browser session (or when the browser crashes).
secure (optional)	Indicates that the cookie content should only be communicated down a secure HTTP connection, such as https. If this parameter is present and the connection is not secure, then the cookie content is not sent. If this parameter is absent, the cookie is sent regardless of security issues.

Note that the different parts of the cookie header are separated by semicolons. Most of these parameters are optional. The meanings and uses of the parameters are described in Table 10.4.

TIP: No Quotation Marks in Parameter Fields
Unlike HTML attributes, cookie parameter values must not be enclosed in quotation marks. Thus, you must type domain=.sub.domain.edu and not domain=“.sub.domain.edu”—the latter will not work. Similarly, you must not surround the name=value portion with quotes, as the quotation marks will be taken as the first character of the name and the last character of the value.

Table of Contents

Products | Contact Us | About Us | Privacy | Ad Info | Home

Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc.
All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement.