Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

75 lines (56 sloc) 2.351 kb
<erl>
out(A) ->
{ssi, "TAB.inc", "%%",[{"cookies", "choosen"}]}.
</erl>
<div id="entry">
<h1>Yaws and Cookies</h1>
<p>
Cookies are the means in HTTP to assign data to a session. A HTTP session
typically consists of many (and sometimes concurrent) TCP connections from the
client to the web server. The first time a client arrives to our webserver, we
issue the HTTP header <tt>Set-Cookie: var=someval</tt>. The browser will then in
subsequent connections to the same server pass this cookie "var=someval" in its
client side <tt>Cookie: var=someval</tt> header. We can thereby assign state to a
session, either through data actualy encoded into the cookie value itself, or by
associating server side session data to the cookie.</p>
<p>
Let's do an example where we set a simple cookie, and create a specific erlang process
which is then responsible for that session.
The cookie value will be a string encoding of the pid handling the session.
</p>
<p>
The yaws code in
<a href="setcookie.yaws">setcookie.yaws</a> sets the cookie in the browser. Note that
the call to <code>yaws_api:set_cookie/3</code> in the example returns a header setting
(like <code>{header, HeaderNameAndValue}</code>) from the <code>out/1</code> function,
which directs Yaws to set the specified header in the response to the browser.
</p>
<p>And the yaws code in <a href="readcookie.yaws">readcookie.yaws</a>
will read the cookie
and report some uninteresting session data.
</p>
<p>
A correct definition of cookies can be found in
<a href="http://tools.ietf.org/html/rfc6265">RFC 6265</a></p>
<h2>Set Cookie</h2>
<p>The code to set the cookie looks like:</p>
<erl>
out(A) ->
{ok, B} = file:read_file(A#arg.docroot ++ "/setcookie.yaws"),
{ehtml,
{'div', [{class, "box"}],
{pre,[], B}}}.
</erl>
<p>This is the page that set the cookie in the browser.
<a href="readcookie.yaws">readcookie.yaws</a> will
read the cookie and report persistent information as
long as the browser session exists.
<p> it will set the cookie
<tt>foobar = &lt;x,y,z&gt;; </tt> where the
x,y,z string is the textual representation of an
actual erlang pid which will be responsible for
this session.
</div>
<erl>
out(A) -> {ssi, "END2",[],[]}.
</erl>
Jump to Line
Something went wrong with that request. Please try again.