AddCookie Method

Transmits the response and the request to save the cookie to the client. In case of future requests the client sends this cookie automatically to the AFP document where it is then available through Request.Cookies().

Syntax

Response.AddCookie( cName, [cValue], [cPath], [uDate] )

Parameter

cName

Each cookie must have a unique name. This name can consist of the letters A to Z, numerals, and underscores. Umlauts are not valid.

cValue

At the next invocation the browser transmits the value contained in cValue to Request.Cookies(). If no value is transmitted, the assumed value is an empty character string. Values can be made up of letters, numerals und underscores. Umlauts and special characters are to be avoided, since depending on the browser and the OS, unexpected conversions can occur.

cPath

Before transmitting a cookie to a web page the browser checks if the web page is authorized to receive cookies. The first criterion used in this process is the server name. Cookies are only transmitted to the server that originally provided them. The name of the server is the essential criterion. The servers www.afpages.de and admin.afpages.de count as different servers.

The second criterion used in this process is the server name. If no path is entered, all cookies are transmitted as a matter of principle every time a server calls a page. If you enter a path you can confine this transmission to a subdirectory. If e.g. there is an application in http:/server.de/sales, you can prevent the transmission of cookies to other applications in the same domain by entering "/sales" in the parameter cPath.

A path is always inclusive of all subordinate paths. Entering the path "/" will also transmit cookies to all pages of a domain. Please note that paths are separated by "/"rather than by the backslash "\" commonly used in Windows.

uDate

Cookies may have an automatic expiry date. The cookie will not be saved permanently if no expiry date is transmitted. Most browsers will keep this value in the memory and discard it when the browser closes. Since permanent user tracking is not possible with this method, a number of browsers permit the storage of these session cookies even if other cookies may not be saved.

If a date is transmitted, the cookie will not be transmitted to the server after that date. The local time of the client machine applies here. The date can be transmitted as a calendar date value or a date time value or else as a character string in the date format laid down by the Netscape specification.

Note

Response.AddCookie() permits the creation of a cookie with a single line of code specifying the most common options. Further options may be specified through the function Response.SetCookie which allows you to adjust specific individual options. Additionally, you can access the Response.Cookies collection from all AFP versions with the exception of the AFP Engine (EXE7) which is based on Visual FoxPro 7.0. Of all access methods, this method provides the maximum flexibility.

Under normal circumstances you would use cookies to personalize pages (personalization cookie) or to let users access your application without having to log in anew (authentication cookie). Example: If you wanted to save a user ID that is saved in lcID as a cookie for the next thirty days, you would proceed as follows:

Response.AddCookie( "ID", m.lcID, "/", DATE()+30 )

This ID can then be retrieved at every page call as shown in the following sample code:

LOCAL lcID

lcID = Request.Cookies("ID")

Please bear in mind that it is always the client, i.e. the user who decides whether or not a cookie should be saved. If he won't save the cookie, Request.Cookies() will at the next invocation return an empty string in lieu of the ID.

More information about the use of cookies and their security risks can be found in the documentation of the Response.Cookies collection.