CGI::Simple::Cookie(3pm) | User Contributed Perl Documentation | CGI::Simple::Cookie(3pm) |
CGI::Simple::Cookie - Interface to HTTP cookies
use CGI::Simple::Standard qw(header); use CGI::Simple::Cookie; # Create new cookies and send them $cookie1 = CGI::Simple::Cookie->new( -name=>'ID', -value=>123456 ); $cookie2 = CGI::Simple::Cookie->new( -name=>'preferences', -value=>{ font => Helvetica, size => 12 } ); print header( -cookie=>[$cookie1,$cookie2] ); # fetch existing cookies %cookies = CGI::Simple::Cookie->fetch; $id = $cookies{'ID'}->value; # create cookies returned from an external source %cookies = CGI::Simple::Cookie->parse($ENV{COOKIE});
CGI::Simple::Cookie is an interface to HTTP/1.1 cookies, a mechanism that allows Web servers to store persistent information on the browser's side of the connection. Although CGI::Simple::Cookie is intended to be used in conjunction with CGI::Simple (and is in fact used by it internally), you can use this module independently.
For full information on cookies see:
http://tools.ietf.org/html/rfc2109 http://tools.ietf.org/html/rfc2965
CGI::Simple::Cookie is object oriented. Each cookie object has a name and a value. The name is any scalar value. The value is any scalar or array value (associative arrays are also allowed). Cookies also have several optional attributes, including:
See this URL for more information including supported browsers:
<http://www.owasp.org/index.php/HTTPOnly>
$c = CGI::Simple::Cookie->new( -name => 'foo', -value => 'bar', -expires => '+3M', -domain => '.capricorn.com', -path => '/cgi-bin/database', -secure => 1 );
Create cookies from scratch with the new method. The -name and -value parameters are required. The name must be a scalar value. The value can be a scalar, an array reference, or a hash reference. (At some point in the future cookies will support one of the Perl object serialization protocols for full generality).
-expires accepts any of the relative or absolute date formats recognized by CGI::Simple, for example "+3M" for three months in the future. See CGI::Simple's documentation for details.
-max-age accepts the same data formats as -expires, but sets a relative value instead of an absolute like -expires. This is intended to be more secure since a clock could be changed to fake an absolute time. In practice, as of 2011, "-max-age" still does not enjoy the widespread support that "-expires" has. You can set both, and browsers that support "-max-age" should ignore the "Expires" header. The drawback to this approach is the bit of bandwidth for sending an extra header on each cookie.
-domain points to a domain name or to a fully qualified host name. If not specified, the cookie will be returned only to the Web server that created it.
-path points to a partial URL on the current server. The cookie will be returned to all URLs beginning with the specified path. If not specified, it defaults to '/', which returns the cookie to all pages at your site.
-secure if set to a true value instructs the browser to return the cookie only when a cryptographic protocol is in use.
-httponly if set to a true value, the cookie will not be accessible via JavaScript.
Within a CGI script you can send a cookie to the browser by creating one or more Set-Cookie: fields in the HTTP header. Here is a typical sequence:
$c = CGI::Simple::Cookie->new( -name => 'foo', -value => ['bar','baz'], -expires => '+3M' ); print "Set-Cookie: $c\n"; print "Content-Type: text/html\n\n";
To send more than one cookie, create several Set-Cookie: fields. Alternatively, you may concatenate the cookies together with "; " and send them in one field.
If you are using CGI::Simple, you send cookies by providing a -cookie argument to the header() method:
print header( -cookie=>$c );
Mod_perl users can set cookies using the request object's header_out() method:
$r->header_out('Set-Cookie',$c);
Internally, Cookie overloads the "" operator to call its as_string() method when incorporated into the HTTP header. as_string() turns the Cookie's internal representation into an RFC-compliant text representation. You may call as_string() yourself if you prefer:
print "Set-Cookie: ",$c->as_string,"\n";
%cookies = CGI::Simple::Cookie->fetch;
fetch returns an associative array consisting of all cookies returned by the browser. The keys of the array are the cookie names. You can iterate through the cookies this way:
%cookies = CGI::Simple::Cookie->fetch; foreach (keys %cookies) { do_something($cookies{$_}); }
In a scalar context, fetch() returns a hash reference, which may be more efficient if you are manipulating multiple cookies.
CGI::Simple uses the URL escaping methods to save and restore reserved characters in its cookies. If you are trying to retrieve a cookie set by a foreign server, this escaping method may trip you up. Use raw_fetch() instead, which has the same semantics as fetch(), but performs no unescaping.
You may also retrieve cookies that were stored in some external form using the parse() class method:
$COOKIES = `cat /usr/tmp/Cookie_stash`; %cookies = CGI::Simple::Cookie->parse($COOKIES);
Cookie objects have a series of accessor methods to get and set cookie attributes. Each accessor has a similar syntax. Called without arguments, the accessor returns the current value of the attribute. Called with an argument, the accessor changes the attribute and returns its new value.
$name = $c->name; $new_name = $c->name('fred');
$value = $c->value; @new_value = $c->value(['a','b','c','d']);
value() is context sensitive. In a list context it will return the current value of the cookie as an array. In a scalar context it will return the first value of a multivalued cookie.
Original version copyright 1997-1998, Lincoln D. Stein. All rights reserved. Originally copyright 2001 Dr James Freeman <jfreeman@tassie.net.au> This release by Andy Armstrong <andy@hexten.net>
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Address bug reports and comments to: andy@hexten.net
This section intentionally left blank :-)
CGI::Carp, CGI::Simple
2015-08-22 | perl v5.20.2 |