<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type" />

  <title>Cookies</title>

  <meta name="generator"

 content="amaya 8.1a, see http://www.w3.org/Amaya/" />

  <link href="styles.css" rel="stylesheet" type="text/css" />

</head>

<body>

<h1>Cookies</h1>

<p>The term "cookie" is a technical term describing information which

is set in a response sent to a user and which is then provided every

time the user accesses the application. In effect, the application asks

the user to remember something on its behalf and to remind the

application of that thing over and over again.</p>

<h2>Potential Uses</h2>

<p>Although there are some restrictions on how much information can be

stored in a cookie and the type of that information (it must be a plain

Python string), the mechanism is useful for identifying users or

remembering simple things about the operations that the user has been

performing. Some uses include:</p>

<ul>

  <li>The use of cookies to remember the state

of user interfaces, such as which parts of a navigational

menu have been opened by the user.</li>

  <li>The identification of users, although since cookie information is

transmitted back to the user potentially using an insecure network

communication, it is usually necessary to encrypt or encode sensitive

information which would identify a user or let an eavesdropper pretend

to be that user in their own communications with an application.</li>

</ul>

<div class="WebStack">

<h3>WebStack API - Using Cookies</h3>

<p>The <a

 href="../apidocs/public/WebStack.Generic.Transaction-class.html">transaction</a>

object provides the following methods for setting cookie information

and accessing it on later occasions:</p>

<dl>

  <dt><code>set_cookie_value</code></dt>

  <dd>This method stores a piece of information associated with a given

name and having a given plain Python string value as a cookie. Other

information can also be specified which controls the way the

cookie is used, notably the path (to which applications the cookie is

sent) and expiry time (a UNIX time style number which states when the

cookie should stop being exchanged).</dd>

  <dt><code>set_cookie</code></dt>

  <dd>This method stores an existing cookie object as a cookie in

future communications with the user concerned. The form of such objects

is described below.</dd>

  <dt><code>get_cookies</code></dt>

  <dd>This method returns a dictionary mapping names to cookie objects.</dd>

  <dt><code>get_cookie</code></dt>

  <dd>This method returns a specific cookie object for a given name.</dd>

  <dt><code>delete_cookie</code></dt>

  <dd>This method deletes a cookie, ensuring that the information

within it is not exchanged in future.</dd>

</dl>

<p><a

 href="../apidocs/public/WebStack.Helpers.Request.Cookie-class.html">Cookie</a>

objects can be any objects&nbsp;having the following properties:</p>

<dl>

  <dt><code>name</code></dt>

  <dd>This is the name associated with the cookie. It must be a plain

Python&nbsp;string.</dd>

  <dt><code>value</code></dt>

  <dd>This is the information stored in the cookie. It must be a plain

Python&nbsp;string.</dd>

</dl>

</div>

<h2>How and When to Get and Set Cookies</h2>

<p>Cookies which were set in previous interactions are always available

straight away unless they were deleted at some earlier point in time.

Typically, your application will have reserved a cookie name and will

then access the cookie using that name; for example:</p>

<pre>        # In the respond method...<br />        my_cookie = trans.get_cookie("my_cookie")    # this gets a cookie object<br />        my_information = my_cookie.value             # trans.get_cookie_value would get this value directly</pre>

<p>It is possible to modify the cookie object, but on its own this has

no effect on the value exchanged between the application and the user.

To update the cookie in that way, you must also use the&nbsp;<code>set_cookie</code>

method, or instead use the&nbsp;<code>set_cookie_value</code> method:</p>

<pre>        # In the respond method after getting the cookie...<br />        my_cookie.value = "Something else!"                              # this must be a plain string<br />        trans.set_cookie(my_cookie)                                      # this uses the existing object<br />        trans.set_cookie_value("another_cookie", "More information!")    # this adds a new cookie with the given name</pre>

<p>Note that changing a cookie's value directly using&nbsp;<code>set_cookie_value</code>

will not necessarily change the value found in cookie objects returned

by subsequent calls to&nbsp;<code>get_cookie</code> during the handling

of the same request.</p>

<p>To delete cookies, actual cookie objects must be provided:</p>

<pre>        # In the respond method after getting the cookie...<br />        trans.delete_cookie(my_cookie)</pre>

<p>This does not necessarily remove the cookie from the dictionary

returned by&nbsp;<code>get_cookies</code> or prevent&nbsp;<code>get_cookie</code>

returning a cookie object for the name specified in the deleted

cookie during the handling of the same request.</p>

</body>

</html>