1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
|
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Nine Nines Support: Cowboy User Guide</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Change them or set them up as you like -->
<meta name="description" content="">
<meta name="author" content="(Soft10) Pol Cámara">
<!-- Stylesheets -->
<link href='http://fonts.googleapis.com/css?family=Open+Sans:400,700,400italic' rel='stylesheet' type='text/css'>
<link href="/css/bootstrap.min.css" rel="stylesheet">
<link href="/css/99s.css" rel="stylesheet">
<!-- <link href="js/google-code-prettify/prettify.css" rel="stylesheet"> -->
<link href="/css/sh99s.css" rel="stylesheet"/>
<!-- Enables html5 support on older browsers, other js is placed at the end of the page to speed up loading -->
<!--[if lt IE 9]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<link rel="shortcut icon" href="/img/ico/favicon.ico">
<link rel="apple-touch-icon-precomposed" sizes="114x114" href="/img/ico/apple-touch-icon-114.png">
<link rel="apple-touch-icon-precomposed" sizes="72x72" href="/img/ico/apple-touch-icon-72.png">
<link rel="apple-touch-icon-precomposed" href="/img/ico/apple-touch-icon-57.png">
<link rel="alternate" href="/feeds/atom.xml" type="application/atom+xml" title="Nine Nines Atom Feed">
</head>
<body class="big_text docs">
<header id="page-head">
<div id="topbar" class="container">
<div class="row">
<div class="span2">
<h1 id="logo"><a href="/" title="99s">99s</a></h1>
</div>
<div class="span10">
<!-- Top navigation and social icons-->
<div id="side-header">
<nav>
<ul>
<li><a title="Erlang training" href="/training">Training</a></li>
<li><a title="Technical publications" href="/articles">Articles</a></li>
<li><a title="Our talks" href="/talks">Talks</a></li>
<li class="active"><a title="Our services" href="/support">Pricing & Sponsoring</a></li>
<li><a title="Community support" href="http://lists.ninenines.eu">Mailing Lists</a></li>
<li><a title="Contact us" href="mailto:[email protected]">Contact</a></li>
</ul>
</nav>
<ul id="social">
<li>
<a href="https://github.com/ninenines" title="Check our Github repositories"><img src="/img/ico_github.png" data-hover="/img/ico_github_alt.png" alt="Github"></a>
</li>
<li class="dropdown" id="twitter-links">
<a href="#twitter-links" class="dropdown-toggle" data-toggle="dropdown" title="Follow us on Twitter">
<img src="/img/ico_microblog.png" data-hover="/img/ico_microblog_alt.png" alt="Twitter">
</a>
<ul class="dropdown-menu">
<li><a title="Visit Loïc Hoguin's Twitter Account" href="http://twitter.com/lhoguin">@lhoguin</a></li>
<!-- <li class="divider"></li>
<li><a title="Visit our official Twitter account" href="#">@99s</a></li> -->
</ul>
</li>
<!-- <li>
<a href="/css/" title="Add us on Linkedin"><img src="/img/ico_linkedin.png" data-hover="img/ico_linkedin_alt.png" alt="Linkedin"></a>
</li> -->
</ul>
</div>
</div>
</div>
</div>
</header>
<div id="contents" class="two_col">
<div class="container">
<div class="row">
<div id="docs" class="span9 maincol">
<h1 class="lined-header"><span>Using cookies</span></h1>
<p>Cookies are a mechanism allowing applications to maintain state on top of the stateless HTTP protocol.</p>
<p>Cowboy provides facilities for handling cookies. It is highly recommended to use them instead of writing your own, as the implementation of cookies can vary greatly between clients.</p>
<p>Cookies are stored client-side and sent with every subsequent request that matches the domain and path for which they were stored, including requests for static files. For this reason they can incur a cost which must be taken in consideration.</p>
<p>Also consider that, regardless of the options used, cookies are not to be trusted. They may be read and modified by any program on the user's computer, but also by proxies. You should always validate cookie values before using them. Do not store any sensitive information in cookies either.</p>
<p>When explicitly setting the domain, the cookie will be sent for the domain and all subdomains from that domain. Otherwise the current domain will be used. The same is true for the path.</p>
<p>When the server sets cookies, they will only be available for requests that are sent after the client receives the response.</p>
<p>Cookies are sent in HTTP headers, therefore they must have text values. It is your responsibility to encode any other data type. Also note that cookie names are de facto case sensitive.</p>
<p>Cookies can be set for the client session (which generally means until the browser is closed), or it can be set for a number of seconds. Once it expires, or when the server says the cookie must exist for up to 0 seconds, the cookie is deleted by the client. To avoid this while the user is browsing your site, you should set the cookie for every request, essentially resetting the expiration time.</p>
<p>Cookies can be restricted to secure channels. This typically means that such a cookie will only be sent over HTTPS, and that it will only be available by client-side scripts that run from HTTPS webpages.</p>
<p>Finally, cookies can be restricted to HTTP and HTTPS requests, essentially disabling their access from client-side scripts.</p>
<h2 id="setting_cookies">Setting cookies</h2>
<p>By default, cookies you set are defined for the session.</p>
<script type="syntaxhighlighter" class="brush: erlang"><![CDATA[
SessionID = generate_session_id(),
Req2 = cowboy_req:set_resp_cookie(<<"sessionid">>, SessionID, [], Req).
]]></script>
<p>You can also make them expire at a specific point in the future.</p>
<script type="syntaxhighlighter" class="brush: erlang"><![CDATA[
SessionID = generate_session_id(),
Req2 = cowboy_req:set_resp_cookie(<<"sessionid">>, SessionID, [
{max_age, 3600}
], Req).
]]></script>
<p>You can delete cookies that have already been set. The value is ignored.</p>
<script type="syntaxhighlighter" class="brush: erlang"><![CDATA[
Req2 = cowboy_req:set_resp_cookie(<<"sessionid">>, <<>>, [
{max_age, 0}
], Req).
]]></script>
<p>You can restrict them to a specific domain and path. For example, the following cookie will be set for the domain <code>my.example.org</code> and all its subdomains, but only on the path <code>/account</code> and all its subdirectories.</p>
<script type="syntaxhighlighter" class="brush: erlang"><![CDATA[
Req2 = cowboy_req:set_resp_cookie(<<"inaccount">>, <<"1">>, [
{domain, "my.example.org"},
{path, "/account"}
], Req).
]]></script>
<p>You can restrict the cookie to secure channels, typically HTTPS.</p>
<script type="syntaxhighlighter" class="brush: erlang"><![CDATA[
SessionID = generate_session_id(),
Req2 = cowboy_req:set_resp_cookie(<<"sessionid">>, SessionID, [
{secure, true}
], Req).
]]></script>
<p>You can restrict the cookie to client-server communication only. Such a cookie will not be available to client-side scripts.</p>
<script type="syntaxhighlighter" class="brush: erlang"><![CDATA[
SessionID = generate_session_id(),
Req2 = cowboy_req:set_resp_cookie(<<"sessionid">>, SessionID, [
{http_only, true}
], Req).
]]></script>
<p>Cookies may also be set client-side, for example using Javascript.</p>
<h2 id="reading_cookies">Reading cookies</h2>
<p>As we said, the client sends cookies with every request. But unlike the server, the client only sends the cookie name and value.</p>
<p>You can read the value of a cookie.</p>
<script type="syntaxhighlighter" class="brush: erlang"><![CDATA[
{CookieVal, Req2} = cowboy_req:cookie(<<"lang">>, Req).
]]></script>
<p>You can also get a default value returned when the cookie isn't set.</p>
<script type="syntaxhighlighter" class="brush: erlang"><![CDATA[
{CookieVal, Req2} = cowboy_req:cookie(<<"lang">>, Req, <<"fr">>).
]]></script>
<p>And you can obtain all cookies at once as a list of key/value tuples.</p>
<script type="syntaxhighlighter" class="brush: erlang"><![CDATA[
{AllCookies, Req2} = cowboy_req:cookies(Req).
]]></script>
<!-- a.code -->
</div>
<div class="span3 sidecol">
<div class="input-append">
<form id="form-search" class="form-search" action="#">
<input id="input-search" type="text" placeholder="Function search" autocomplete="off" autofocus class="input-medium search-query span2">
<button type="submit" class="btn btn-success">Go</button>
</form>
</div>
<h3 id="docs-nav">Navigation</h3>
<h3>See also</h3><ul><li><a href="/docs/en/cowboy/1.0/manual/">Function Reference</a></li><li><a href="/docs/en/cowboy/1.0/index.html">README</a></li></ul>
<h3>Version select</h3>
<ul>
<li><a href="/docs/en/cowboy/1.0/guide/"><strong>1.0</strong></a></li>
<li><a href="/docs/en/cowboy/HEAD/guide/"><strong>HEAD</strong></a></li>
</ul>
</div>
</div>
</div>
</div>
<footer>
<div class="container">
<div class="row">
<div class="span6">
<p id="scroll-top"><a href="#">↑ Scroll to top</a></p>
<nav>
<ul>
<li><a href="mailto:[email protected]" title="Contact us">Contact us</a></li><li><a href="https://github.com/ninenines/ninenines.github.io" title="Github repository">Contribute to this site</a></li>
</ul>
</nav>
</div>
<div class="span6 credits">
<p><img src="/img/footer_logo.png"></p>
<p>Copyright © Nine Nines 2012-2014</p>
</div>
</div>
</div>
</footer>
<!-- Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<script src="/js/bootstrap-carousel.js"></script>
<script src="/js/bootstrap-dropdown.js"></script>
<script src="/js/custom.js"></script>
<script type="text/javascript" src="/js/shCore.js"></script>
<script type="text/javascript" src="/js/shlang/shBrushBash.js"></script>
<script type="text/javascript" src="/js/shlang/shBrushErlang.js"></script>
<script type="text/javascript" src="/js/shlang/shBrushJScript.js"></script>
<script type="text/javascript" src="/js/shlang/shBrushPlain.js"></script>
<script type="text/javascript">SyntaxHighlighter.all();</script>
<script type="text/javascript" src="/js/fuse.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
var f;
$.getJSON("/docs/db.json", function(data){
f = new Fuse(data, {keys: ["n"], threshold: 0.3});
$("<ul id=\"search-results\">").insertAfter("#form-search");
});
$("#input-search").keyup(function(e){if(f){if (e.which != 13 ){
var results = f.search($(this).val());
if (results.length == 0){
$("#form-search").attr("action", "#");
}else{
$("#form-search").attr("action", results[0].l);
}
$("#search-results").empty();
for (var i = 0; i < 10 && i < results.length; i++){
$("<li><a href=\"" + results[i].l + "\">" + results[i].n + "</a></li>")
.appendTo("#search-results");
}
}}});
});
</script>
</body>
</html>
|
