Client-Side Cookies

Introduction

Client-side cookies are a mechanism by which servers can both store and retrieve information on the client side of the connection. Servers can send cookies specific to URLs on the site, and cookie-capable clients (e.g. Netscape) will transmit cookies stored from previous sessions each time they reconnect to the URls. As a client moves around a site, the server can send cookies in response to different actions so the client stores state that the server may need later. The client stores the cookies in its "cookies" file, and if the same URL is later revisited, sends the cookies back to the server. The server may use this information to customize behavior or page layout according to particular users' preferences or earlier actions.

Uses for cookies include:

• Shopping Carts that store intended purchases as different parts of a site are visited.
• Maps of a client's paths around your site.
• A Mail Archive tailored so messages previously read can be left out.

Using Cookies With CL-HTTP

The macro http:with-cookie-values and functions http:set-cookie-http-headers provide a convenient interfaces for CL-HTTP developer to use cookies in response functions. Together, these two facilities allow the application to store information on the client and access that information in response functions.

http:with-cookie-values is a macro which is wrapped around code that uses the cookie values. If the the cookies are known at compile time, they can be passed in as the variables argument to http:with-cookie-values macro. In this case, local variable by those names will be bound in the run time to the cookie values sent by the client or NIL cookies are unavailable If the cookie names are determined at runtime, the local macro get-cookie may be used to access the cookie value. The developer may also access the variable http:cookies, http:current-user-agent, and http:current-user-agent-version within the scope of the macro.

http:set-cookie-http-headers is a function that, when given a list of cookies with each cookie in the form of (name value &key expires domain path secure), returns the header plist. The header plist is what is passed in to the :additional-headers field of the http:with-successful-response macro, so that the set-cookie header is sent out to the client.

Application may wish to use http:write-to-armor-plated-string and http:read-from-armor-plated-string to protect Lisp data from damage in transit.

Example

You can try an example using cookies called computed-cookie-form. The source code for this example is available in http:examples;exports.lisp, under the subheading Client-Side Cookies.

More Information: The following links provide more information about cookies in general.

• Client Side State - HTTP Cookies, by Netscape, is the specification used by most implementations of cookies, including CL-HTTP.