CGI::Simple::Cookie(3pm)

1CGI::Simple::Cookie(3)User Contributed Perl DocumentationCGI::Simple::Cookie(3)
2
3
4

NAME

6       CGI::Simple::Cookie - Interface to HTTP cookies
7

SYNOPSIS

9           use CGI::Simple::Standard qw(header);
10           use CGI::Simple::Cookie;
11
12           # Create new cookies and send them
13           $cookie1 = CGI::Simple::Cookie->new( -name=>'ID', -value=>123456 );
14           $cookie2 = CGI::Simple::Cookie->new( -name=>'preferences',
15                                               -value=>{ font => Helvetica,
16                                                         size => 12 }
17                                             );
18           print header( -cookie=>[$cookie1,$cookie2] );
19
20           # fetch existing cookies
21           %cookies = CGI::Simple::Cookie->fetch;
22           $id = $cookies{'ID'}->value;
23
24           # create cookies returned from an external source
25           %cookies = CGI::Simple::Cookie->parse($ENV{COOKIE});
26

DESCRIPTION

28       CGI::Simple::Cookie is an interface to HTTP/1.1 cookies, a mechanism
29       that allows Web servers to store persistent information on the
30       browser's side of the connection. Although CGI::Simple::Cookie is
31       intended to be used in conjunction with CGI::Simple (and is in fact
32       used by it internally), you can use this module independently.
33
34       For full information on cookies see:
35
36               http://tools.ietf.org/html/rfc2109
37               http://tools.ietf.org/html/rfc2965
38

40       CGI::Simple::Cookie is object oriented.  Each cookie object has a name
41       and a value.  The name is any scalar value.  The value is any scalar or
42       array value (associative arrays are also allowed).  Cookies also have
43       several optional attributes, including:
44
45       1. expiration date
46           The expiration date tells the browser how long to hang on to the
47           cookie.  If the cookie specifies an expiration date in the future,
48           the browser will store the cookie information in a disk file and
49           return it to the server every time the user reconnects (until the
50           expiration date is reached).  If the cookie species an expiration
51           date in the past, the browser will remove the cookie from the disk
52           file.  If the expiration date is not specified, the cookie will
53           persist only until the user quits the browser.
54
55       2. domain
56           This is a partial or complete domain name for which the cookie is
57           valid.  The browser will return the cookie to any host that matches
58           the partial domain name.  For example, if you specify a domain name
59           of ".capricorn.com", then the browser will return the cookie to web
60           servers running on any of the machines "www.capricorn.com",
61           "ftp.capricorn.com", "feckless.capricorn.com", etc.  Domain names
62           must contain at least two periods to prevent attempts to match on
63           top level domains like ".edu".  If no domain is specified, then the
64           browser will only return the cookie to servers on the host the
65           cookie originated from.
66
67       3. path
68           If you provide a cookie path attribute, the browser will check it
69           against your script's URL before returning the cookie.  For
70           example, if you specify the path "/cgi-bin", then the cookie will
71           be returned to each of the scripts "/cgi-bin/tally.pl",
72           "/cgi-bin/order.pl", and "/cgi-bin/customer_service/complain.pl",
73           but not to the script "/cgi-private/site_admin.pl".  By default,
74           the path is set to "/", so that all scripts at your site will
75           receive the cookie.
76
77       4. secure flag
78           If the "secure" attribute is set, the cookie will only be sent to
79           your script if the CGI request is occurring on a secure channel,
80           such as SSL.
81
82       4. HttpOnly flag
83           If the "httponly" attribute is set, the cookie will only be
84           accessible through HTTP Requests. This cookie will be inaccessible
85           via JavaScript (to prevent XSS attacks).
86
87           See this URL for more information including supported browsers:
88
89           <http://www.owasp.org/index.php/HTTPOnly>
90
91   Creating New Cookies
92           $c = CGI::Simple::Cookie->new( -name    =>  'foo',
93                                         -value   =>  'bar',
94                                         -expires =>  '+3M',
95                                         -domain  =>  '.capricorn.com',
96                                         -path    =>  '/cgi-bin/database',
97                                         -secure  =>  1
98                                       );
99
100       Create cookies from scratch with the new method.  The -name and -value
101       parameters are required.  The name must be a scalar value.  The value
102       can be a scalar, an array reference, or a hash reference.  (At some
103       point in the future cookies will support one of the Perl object
104       serialization protocols for full generality).
105
106       -expires accepts any of the relative or absolute date formats
107       recognized by CGI::Simple, for example "+3M" for three months in the
108       future.  See CGI::Simple's documentation for details.
109
110       -max-age accepts the same data formats as -expires, but sets a relative
111       value instead of an absolute like -expires. This is intended to be more
112       secure since a clock could be changed to fake an absolute time. In
113       practice, as of 2011, "-max-age" still does not enjoy the widespread
114       support that "-expires" has. You can set both, and browsers that
115       support "-max-age" should ignore the "Expires" header. The drawback to
116       this approach is the bit of bandwidth for sending an extra header on
117       each cookie.
118
119       -domain points to a domain name or to a fully qualified host name.  If
120       not specified, the cookie will be returned only to the Web server that
121       created it.
122
123       -path points to a partial URL on the current server.  The cookie will
124       be returned to all URLs beginning with the specified path.  If not
125       specified, it defaults to '/', which returns the cookie to all pages at
126       your site.
127
128       -secure if set to a true value instructs the browser to return the
129       cookie only when a cryptographic protocol is in use.
130
131       -httponly if set to a true value, the cookie will not be accessible via
132       JavaScript.
133
134   Sending the Cookie to the Browser
135       Within a CGI script you can send a cookie to the browser by creating
136       one or more Set-Cookie: fields in the HTTP header.  Here is a typical
137       sequence:
138
139           $c = CGI::Simple::Cookie->new( -name    =>  'foo',
140                                          -value   =>  ['bar','baz'],
141                                          -expires =>  '+3M'
142                                         );
143
144           print "Set-Cookie: $c\n";
145           print "Content-Type: text/html\n\n";
146
147       To send more than one cookie, create several Set-Cookie: fields.
148       Alternatively, you may concatenate the cookies together with "; " and
149       send them in one field.
150
151       If you are using CGI::Simple, you send cookies by providing a -cookie
152       argument to the header() method:
153
154         print header( -cookie=>$c );
155
156       Mod_perl users can set cookies using the request object's header_out()
157       method:
158
159         $r->header_out('Set-Cookie',$c);
160
161       Internally, Cookie overloads the "" operator to call its as_string()
162       method when incorporated into the HTTP header.  as_string() turns the
163       Cookie's internal representation into an RFC-compliant text
164       representation.  You may call as_string() yourself if you prefer:
165
166           print "Set-Cookie: ",$c->as_string,"\n";
167
168   Recovering Previous Cookies
169           %cookies = CGI::Simple::Cookie->fetch;
170
171       fetch returns an associative array consisting of all cookies returned
172       by the browser.  The keys of the array are the cookie names.  You can
173       iterate through the cookies this way:
174
175           %cookies = CGI::Simple::Cookie->fetch;
176           foreach (keys %cookies) {
177               do_something($cookies{$_});
178           }
179
180       In a scalar context, fetch() returns a hash reference, which may be
181       more efficient if you are manipulating multiple cookies.
182
183       CGI::Simple uses the URL escaping methods to save and restore reserved
184       characters in its cookies.  If you are trying to retrieve a cookie set
185       by a foreign server, this escaping method may trip you up.  Use
186       raw_fetch() instead, which has the same semantics as fetch(), but
187       performs no unescaping.
188
189       You may also retrieve cookies that were stored in some external form
190       using the parse() class method:
191
192              $COOKIES = `cat /usr/tmp/Cookie_stash`;
193              %cookies = CGI::Simple::Cookie->parse($COOKIES);
194
195   Manipulating Cookies
196       Cookie objects have a series of accessor methods to get and set cookie
197       attributes.  Each accessor has a similar syntax.  Called without
198       arguments, the accessor returns the current value of the attribute.
199       Called with an argument, the accessor changes the attribute and returns
200       its new value.
201
202       name()
203           Get or set the cookie's name.  Example:
204
205               $name = $c->name;
206               $new_name = $c->name('fred');
207
208       value()
209           Get or set the cookie's value.  Example:
210
211               $value = $c->value;
212               @new_value = $c->value(['a','b','c','d']);
213
214           value() is context sensitive.  In a list context it will return the
215           current value of the cookie as an array.  In a scalar context it
216           will return the first value of a multivalued cookie.
217
218       domain()
219           Get or set the cookie's domain.
220
221       path()
222           Get or set the cookie's path.
223
224       expires()
225           Get or set the cookie's expiration time.
226
227       max_age()
228           Get or set the cookie's maximum age.
229
230       secure()
231           Get or set the cookie's secure flag.
232
233       httponly()
234           Get or set the cookie's HttpOnly flag.
235

AUTHOR INFORMATION

237       Original version copyright 1997-1998, Lincoln D. Stein.  All rights
238       reserved.  Originally copyright 2001 Dr James Freeman
239       <jfreeman@tassie.net.au> This release by Andy Armstrong
240       <andy@hexten.net>
241
242       This library is free software; you can redistribute it and/or modify it
243       under the same terms as Perl itself.
244
245       Address bug reports and comments to: andy@hexten.net
246

BUGS

248       This section intentionally left blank :-)
249

NAME

SYNOPSIS

DESCRIPTION

USING CGI::Simple::Cookie

AUTHOR INFORMATION

BUGS

SEE ALSO