Free Web tutorials covering HTML, CSS, JavaScript, and DHTML from beginner to advanced. Free downloads and developer resources. Personalized help via email, form, and chat.

free, web, tutorials, HTML, html, CSS, css, stylesheet, cascading stylesheet, Javascript, javascript, JavaScript, DHTML, dhtml, beginner, advanced, web development, web page, web site, free web tutorial, free HTML tutorial, free CSS tutorial, free css tutorial, free cascading stylesheet tutorial, free stylesheet tutorial, free javascript tutorial, free DHTML tutorial, free HTML class, free CSS class, free stylesheet class, free cascading stylesheet class, free javascript class, free DHTML class">

Free Web tutorials covering HTML, CSS, JavaScript, and DHTML from beginner to advanced. Free downloads and developer resources. Personalized help via email, form, and chat. free, web, tutorials, HTML, html, CSS, css, stylesheet, cascading stylesheet, Javascript, javascript, JavaScript, DHTML, dhtml, beginner, advanced, web development, web page, web site, free web tutorial, free HTML tutorial, free CSS tutorial, free css tutorial, free cascading stylesheet tutorial, free stylesheet tutorial, free javascript tutorial, free DHTML tutorial, free HTML class, free CSS class, free stylesheet class, free cascading stylesheet class, free javascript class, free DHTML class

<Code_Punk>'s

Advanced JavaScript Lesson 30:
Other Cookie Attributes

Code Tutorials



Site Development



Downloads



Help!!



Home

What I called a "cookie command" in the previous lesson is sometimes referred to as a cookie attribute. We've already learned two of these commands: "name=" and "expiration=". Below is a list of these and other available commands. This is a good page to copy for future reference.

Name

"my_cookie_name=" + escape("My cookie's data")

A cookie can be given a name by setting a name to equal the data string. We'll see how this is used in a later tutorial to find data among many cookies.

The "name=" and data substring are always the first part of a cookie string. Only text preceding the first semi-colon (;) is read as cookie data.

The output string of the above (what would be shown if the string were displayed in an alert() box) would be:

my_cookie_name=My%20cookie%27s%20data

Expiration Date

Adding an expiration date was discussed in the previous lesson. It's added by putting a semi-colon after the cookie's data and using "expires=":

"my_cookie_name=" + escape("My cookie's data") + ";expires=" + a_Date()_object_name

Notice that only the data substring is "escape()d". Not, the "name=" part.

Now the string, as viewed in an alert() box, would read:

my_cookie_name=My%20cookie%27s%20data;expires=[date]

Domain

You can set your cookie to be read by other sites and pages within your overall domain. The syntax is:

domain=[URL of allowed domain]

Say I wanted a cookie to be read by every dot-org in UK (.org.uk). I'd set my domain equal to ".org.uk". Now all sites in that domain would get my cookie when reading "document.cookie". The highest level of the URL hierarchy I could reach is ".uk". I could not make my cookies available to ".com" or ".org" or ".net". My site is not part of those domains

As you might imagine, this can cause all sorts of problems that we'll solve later. Fortunately, by default, cookies can only be read by the specific domain that sets them. Cookies set by this site can only be read by "http://codepunk.hardwar.org.uk/" (my domain name) by default.

Here's how to add the "domain=" code to make my cookies readable by those above me in the larger ".org.uk" hierarchy:

"my_cookie_name=" + escape("My cookie's data") + ";expires=" + a_Date()_object_name + ";domain=.org.uk"

Notice the use of a second semi-colon (;). Semi-colons are used to separate all cookie attributes/commands. Also notice that I do not need to put the actual domain value (.org.uk) in nested quotes.

Like "expires=", "domain=" is not read as cookie data. It is read as a command. Only the text preceding the first semi-colon (;) is read as cookie data.

If presented in an alert() box, our string would now read:

my_cookie_name=My%20cookie%27s%20data;expires=[date];domain=.org.uk

Path

Just as you can use "domain=" to go up the URL hierarchy and let other site's read your cookies, you can also limit cookie reading to particular areas of your site by using "path=".

Let's say I only want to use a particular cookie in a specific directory of pages on my site. Lets call the directory "special":

"my_cookie_name=" + escape("My cookie's data") + ";expires=" + a_Date()_object_name + ";domain=http://codepunk.hardwar.org.uk/;path=/special"

The above would limit the cookie to being read only by pages in a "special" folder on my site. Note that, again, there are no quotes around the value for "path=". Also note that I had to change "domain=" back to my specific domain. It's all just one big long string. Here's what it would look like now:

my_cookie_name=My%20cookie%27s%20data;expires=[date];domain=http://codepunk.hardwar.org.uk;path=/special

Secure

You can add ";secure" to the end of your cookies to toggle on a secure mode. This means the cookie cannot be read except with a secure (SSL) request. Just add:

"my_cookie_name=" + escape("My cookie's data") + ";expires=" + a_Date()_object_name + ";domain=http://codepunk.hardwar.org.uk/;path=/special;secure"

Now the final cookie string would read like this in an alert() box:

my_cookie_name=My%20cookie%27s%20data;expires=[date];domain=http://codepunk.hardwar.org.uk;path=/special;secure

The good news is that just about every cookie you write will only include the cookie data and an "expires=" command. You should save this page, however, for future reference in the event you need to code a special cookie.



To Next Advanced JavaScript Lesson

Back To Advanced JavaScript Index