Cookies Ingredients

The cookie information in document.cookie may look like a simple string of name and value pairs, each in the form of

name=value;

but really each cookie has certain other pieces of information associated with it, as outlined in the following sections.

The definitive specification for cookies was published in 2011 as RFC6265. You can read it at http://tools.ietf.org/html/rfc6265.

cookieName and cookieValue

These are the name and value visible in each name=value pair in the cookie string.

domain

The domain attribute tells the browser to which domain the cookie belongs. This attribute is optional, and when not specified its value defaults to the domain of the page setting the cookie.

The purpose of the domain attribute is to control cookie operation across subdomains. If the domain is set to www.example.com, then pages on a subdomain such as code.example.com cannot read the cookie. If, however, domain is set to example.com, then pages in code.example.com will be able to access it

You cannot set the domain attribute to any domain outside the one containing your page.

Path

The path attribute lets you specify a directory where the cookie is available. If you want the cookie to be only set for pages in directory documents, set the path to /documents. The path attribute is optional, the usual default path being /, in which case the cookie is valid for the whole domain

secure

The optional and rarely used secure flag indicates that the browser should use SSL security when sending the cookie to the server.

expires

Each cookie has an expires date after which the cookie is automatically deleted. The expires date should be in UTC time (Greenwich Mean Time, or GMT). If no value is set for expires, the cookie will only last as long as the current browser session and will be automatically deleted when the browser is closed.