<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head>   <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type" />   <title>Cookies</title>   <meta name="generator"  content="amaya 8.1a, see http://www.w3.org/Amaya/" />   <link href="styles.css" rel="stylesheet" type="text/css" /> </head> <body> <h1>Cookies</h1> <p>The term "cookie" is a technical term describing information which is set in a response sent to a user and which is then provided every time the user accesses the application. In effect, the application asks the user to remember something on its behalf and to remind the application of that thing over and over again.</p> <h2>Potential Uses</h2> <p>Although there are some restrictions on how much information can be stored in a cookie and the type of that information (it must be a plain Python&nbsp;string), the mechanism is useful for identifying users or remembering simple things about the operations that the user has been performing. Some uses include:</p> <ul>   <li>The use of cookies to remember the state of&nbsp;user interfaces, such as which parts of a navigational menu have been opened by the user.</li>   <li>The identification of users, although since cookie information is transmitted back to the user potentially using an insecure network communication, it is usually necessary to encrypt or encode sensitive information which would identify a user or let an eavesdropper pretend to be that user in their own communications with an application.</li> </ul> <div class="WebStack"> <h3>WebStack API - Using Cookies</h3> <p>The <a  href="../apidocs/public/WebStack.Generic.Transaction-class.html">transaction</a> object provides the following methods for setting cookie information and accessing it on later occasions:</p> <dl>   <dt><code>set_cookie_value</code></dt>   <dd>This method stores a piece of information associated with a given name and having a given plain Python string value as a cookie. Other information can also be specified which&nbsp;controls the way the cookie is used, notably the path (to which applications the cookie is sent) and expiry time (a UNIX time style number which states when the cookie should stop being exchanged).</dd>   <dt><code>set_cookie</code></dt>   <dd>This method stores an existing cookie object as a cookie in future communications with the user concerned. The form of such objects is described below.</dd>   <dt><code>get_cookies</code></dt>   <dd>This method returns a dictionary mapping names to cookie objects.</dd>   <dt><code>get_cookie</code></dt>   <dd>This method returns a specific cookie object for a given name.</dd>   <dt><code>delete_cookie</code></dt>   <dd>This method deletes a cookie, ensuring that the information within it is not exchanged in future.</dd> </dl> <p><a  href="../apidocs/public/WebStack.Helpers.Request.Cookie-class.html">Cookie</a> objects can be any objects&nbsp;having the following properties:</p> <dl>   <dt><code>name</code></dt>   <dd>This is the name associated with the cookie. It must be a plain Python&nbsp;string.</dd>   <dt><code>value</code></dt>   <dd>This is the information stored in the cookie. It must be a plain Python&nbsp;string.</dd> </dl> </div> <h2>How and When to Get and Set Cookies</h2> <p>Cookies which were set in previous interactions are always available straight away unless they were deleted at some earlier point in time. Typically, your application will have reserved a cookie name and will then access the cookie using that name; for example:</p> <pre>        # In the respond method...<br />        my_cookie = trans.get_cookie("my_cookie")    # this gets a cookie object<br />        my_information = my_cookie.value             # trans.get_cookie_value would get this value directly</pre> <p>It is possible to modify the cookie object, but on its own this has no effect on the value exchanged between the application and the user. To update the cookie in that way, you must also use the&nbsp;<code>set_cookie</code> method, or instead use the&nbsp;<code>set_cookie_value</code> method:</p> <pre>        # In the respond method after getting the cookie...<br />        my_cookie.value = "Something else!"                              # this must be a plain string<br />        trans.set_cookie(my_cookie)                                      # this uses the existing object<br />        trans.set_cookie_value("another_cookie", "More information!")    # this adds a new cookie with the given name</pre> <p>Note that changing a cookie's value directly using&nbsp;<code>set_cookie_value</code> will not necessarily change the value found in cookie objects returned by subsequent calls to&nbsp;<code>get_cookie</code> during the handling of the same request.</p> <p>To delete cookies, actual cookie objects must be provided:</p> <pre>        # In the respond method after getting the cookie...<br />        trans.delete_cookie(my_cookie)</pre> <p>This does not necessarily remove the cookie from the dictionary returned by&nbsp;<code>get_cookies</code> or prevent&nbsp;<code>get_cookie</code> returning a cookie object for the&nbsp;name specified in the deleted cookie during the handling of the same request.</p> </body> </html>