Very good [JS] cookie proficiency page 1/2

Source: Internet
Author: User
Tags set cookie

If you have a bad memory like an author, you may not be able to remember people's names. When I met someone, I just nodded and asked, "Have you eaten !", And expect greetings to end here
. If you still need to express something, I have to turn to some tricky techniques to help me think about who the other person is. For example, people related to each other, regardless of their relationships.
Far away, as long as you can avoid the embarrassment of not remembering the name of the other Party: "How about mafister, the cute nephew of your neighbor next door ?" In this way, I want to make the other Party feel that I do
I really pay attention to him or her, and even remember these things, even though I forgot my name. However, it is not that I do not pay attention to it, but that my memory is really bad and I need to remember the name
There are too many words. If I can set cookies for everyone, I will not commit this memory problem any more.

In this articleArticleTo learn:

1. What is cookies?
2. Cookie Composition
3. Manipulate cookies
4. cookie monsters

What is cookies?

You will ask, what is cookies? Cookies are a small amount of data stored by browsers on users' computers. It is associated with a specific web page or web site, automatically in the web browser and
Transfer Between Web servers.

For example, if you are running a Windows operating system and use Internet Explorer to access the Internet, you will find that there is a subdirectory under your "Windows" directory called
"Temporary Internet Files ". If you have time to look at this directory, you will find some files in it. The file name looks like an email address. For example, on my machine
There is a file like "" in this directory. This is a cookie file. Where does this file come from? Guess, it comes from Microsoft's support site
Point. By the way, this is not my email address.

Cookies are a good solution for managing small and unimportant details that do not want to be stored in the central database. (This does not mean that everyone's name is not important .) For example
The ever-increasing number of custom services on the previous website can be customized for each user. If you are designing such a site, how do you manage this information: 1.
Users prefer green menu bar while others prefer red menu bar. It is indeed a tiring question. However, such information can be securely recorded into cookies and stored in users'
Computing machine, and your own database space can leave more meaningful data for a longer period of time.

FYI: cookies are usually useful for security purposes. I don't want to go too deep on this issue here. I just provide an example to see how to use
Cookies to ensure site security:

1. Use the user name and password to Log On Through SSL.
2. Check the username and password in the database on the server. If the logon succeeds, create a message digest (such as MD5) for the current time tag and save it in the cookie and server count.
Databases. Save the user's logon time in the user records in the server database.
3. When performing each security transaction (any transaction in which the user is logged on), compare the cookie message digest with the digest saved in the server database. If the comparison fails,
The user is directed to the logon interface.
4. If Step 2 passes the check, check whether the time of the current time and logon time sound exceeds the allowed time length. If the user has timed out
5. If both steps 3rd and 4th pass, reset the logon time to the current time to allow transactions to occur. Most of the security sites you need to log on to may use
Cookie Composition

Cookies were originally designed for CGI programming. However, we can also use JavaScript scripts to manipulate cookies. In this article, we will demonstrate how to use JavaScript scripts
To manipulate cookies. (If necessary, I may introduce how to use Perl for Cookie Management in future articles. However, if you cannot wait, I will teach you the following:
Take a closer look at CGI. PM. In this CGI package, there is a cookie () function that can be used to create a cookie. However, let's first introduce the nature of cookies.

In JavaScript scripts, a cookie is actually a string attribute. When you read the cookie value, you get a string containing all the cookies used on the current web page.
Name and value. Each Cookie has four attributes besides the name and value attributes. These attributes are: expires expiration time, Path, domain,
And secure security.

Expires-expiration time. Specifies the life cycle of the cookie. Specifically, the value is the expiration date. If you want to make the cookie longer than the current browser session time, you must use this
. When the expiration date expires, the browser can delete the cookie file without any impact.

Path-path. Specifies the web page associated with the cookie. The value can be a directory or a path. If a creates
Cookie. That is to say
Any page in the can access the cookiebuilt at
But what if the needs to access the cookesset in In this case
Set the path attribute of cookies to "/". When specifying a path, all web pages with the same path in the URL from the same server can share cookies. Now look at another
For example, if you want the and cookies, you need to set pathas"
/Devhead ".

Domain-domain. Specify the associated web server or domain. The value is a domain name, such as This is an extension of the path attribute. If we want can access cookies set by What should I do? We can set the domain attribute to ""
And set the path attribute to "/". FYI: you cannot set the cookie domain attribute to a value different from the domain of the server on which it is set.

Secure-security. Specify how the cookie value is transmitted between the user and the Web server over the network. The value of this attribute is either "secure" or empty. By default
Is null, that is, data is transmitted using insecure HTTP connections. If a cookie is marked as secure, it is connected to the Web server through https or other security protocols.
Transmit data. However, setting the secure attribute does not mean that others cannot see the cookies saved locally on your machine. In other words, to set the cookie to secure, only the cookie and Web
The data transmission process between servers is encrypted, but the cookie files stored locally are not encrypted. If you want to encrypt the local cookie, you must encrypt the data yourself.


Remember that cookie is a string attribute of the document. To save the cookie, create a string in the format of name = <value> (name = value) and
Document. Set cookie to be equal to it. For example, if you want to save the user name received by the formCodeIt looks like this:

Document. Cookie = "username" + escape (Form. username. value );

Here, using the escape () function is very important because the cookie value may contain semicolons, commas, or spaces. This means that the corresponding
The Unescape () function decodes the value.

Of course, we also need to introduce the four attributes of cookies. These attributes are added to the string value in the following format:

Name = <value> [; expires = <date>] [; domain = <domain>] [; Path = <path>] [; secure]

Name = <value> [; expires = <date>] [; domain = <domain>] [; Path = <path>] [; security]

<Value>, <date>, <domain>, and <path> should be replaced with the corresponding values. <Date> The GMT format should be used, and the date type in Javascript script language can be used
. Togmtstring () method to obtain the date value in GMT format. Square brackets indicate that this item is optional. For example, square brackets on the two sides of [; secure] indicate that you want to set the cookie to secure.
, You need to add "; secure" to the end of the cookie string value. If "; secure" is not added to the cookie string, the cookie is insecure. Do not set
Angle brackets <> and square brackets [] are added to the cookie (unless they are content of some values ). You can set attributes in any order.

The following is an example. In this example, the cookie "username" is set to expire after 15 minutes. It can be accessed by all directories on the server and ""
All servers in the domain are accessed, and the security status is secure.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.