-
Notifications
You must be signed in to change notification settings - Fork 0
/
cookies.html
187 lines (143 loc) · 6.27 KB
/
cookies.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta name="keywords" content="Yaws"/>
<title>Yaws</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link rel="stylesheet" type="text/css" href="stil.css"/>
<link rel="shortcut icon" href="/icons/yaws_y.gif" type="image/x-icon"/>
</head>
<body>
<div class="logo">
<img src="icons/yaws_head.gif" width="600" alt="YAWS"/>
</div>
<div id="sidebar">
<h4> Yaws </h4>
<div class=""> <a href="index.html" id="index" >Top Page</a> </div>
<div class=""> <a href="configuration.html" id="configuration">Build Config and Run</a></div>
<div class=""> <a href="dynamic.html" id="dynamic" >Dynamic Content</a> </div>
<div class=""> <a href="https://github.com/erlyaws/yaws/releases/" id="download">Download </a> </div>
<div class=""> <a href="contact.html" id="contact">Contact </a> </div>
<div class=""> <a href="doc.html" id="doc">Documentation</a> </div>
<div class=""> <a href="articles.html" id="resources">Articles</a> </div>
<h4> Examples </h4>
<div class=""> <a href="/json_intro.html">AJAX/JSON RPC</a></div>
<div class=""> <a href="/appmods.html">Appmods</a> </div>
<div class=""> <a href="/arg.html">Arg</a> </div>
<div class=""> <a href="/privbind.html">Binding to Privileged Ports</a></div>
<div class=""> <a href="/bindings.html">Bindings</a> </div>
<div class=""> <a href="/cgi.html">CGI</a></div>
<div class=""> <a href="/session.html">Cookie Sessions</a> </div>
<div class="choosen"> <a href="/cookies.html">Cookies</a> </div>
<div class=""> <a href="/dynamic.html">Dynamic Content</a> </div>
<div class=""> <a href="/embed.html">Embedding Yaws</a></div>
<div class=""> <a href="/upload0.html">File Upload</a> </div>
<div class=""> <a href="/form.html">Forms</a> </div>
<div class=""> <a href="/haxe_intro.html">haXe Remoting</a></div>
<div class=""> <a href="/pcookie.html">Persistent Cookies</a> </div>
<div class=""> <a href="/query.html">Query Part of URL</a></div>
<div class=""> <a href="/rebar_release.html">Rebar Releases</a></div>
<div class=""> <a href="/redirect.html">Redirect</a> </div>
<div class=""> <a href="/server_sent_events.html">Server-Sent Events</a> </div>
<div class=""> <a href="/ssi.html">Server Side Includes</a> </div>
<div class=""> <a href="/simple.html">Simple</a> </div>
<div class=""> <a href="/soap_intro.html">SOAP with Yaws</a></div>
<div class=""> <a href="/stream.html">Streaming Data</a> </div>
<div class=""> <a href="/websockets.html">Web Sockets</a> </div>
<a href="/shoppingcart/index.html">Tiny Shopping Cart</a>
<div class=""> <a href="/yapp_intro.html">Yaws Applications (yapps)</a></div>
<div class=""> <a href="/logger_mod.html">Write Your Own Logger</a></div>
<h4> Misc </h4>
<div class=""> <a href="/internals.html">Internals</a> </div>
</div>
<div id="entry">
<h1>Yaws and Cookies</h1>
<p>
Cookies are the means in HTTP to assign data to a session. A HTTP session
typically consists of many (and sometimes concurrent) TCP connections from the
client to the web server. The first time a client arrives to our webserver, we
issue the HTTP header <tt>Set-Cookie: var=someval</tt>. The browser will then in
subsequent connections to the same server pass this cookie "var=someval" in its
client side <tt>Cookie: var=someval</tt> header. We can thereby assign state to a
session, either through data actualy encoded into the cookie value itself, or by
associating server side session data to the cookie.</p>
<p>
Let's do an example where we set a simple cookie, and create a specific erlang process
which is then responsible for that session.
The cookie value will be a string encoding of the pid handling the session.
</p>
<p>
The yaws code in
<a href="setcookie.html">setcookie.yaws</a> sets the cookie in the browser. Note that
the call to <code>yaws_api:set_cookie/3</code> in the example returns a header setting
(like <code>{header, HeaderNameAndValue}</code>) from the <code>out/1</code> function,
which directs Yaws to set the specified header in the response to the browser.
</p>
<p>And the yaws code in <a href="readcookie.html">readcookie.yaws</a>
will read the cookie
and report some uninteresting session data.
</p>
<p>
A correct definition of cookies can be found in
<a href="https://tools.ietf.org/html/rfc6265">RFC 6265</a></p>
<h2>Set Cookie</h2>
<p>The code to set the cookie looks like:</p>
<div class="box">
<pre><erl>
session(A, Visits) ->
receive
{From, tick} ->
N = calendar:local_time(),
From ! {self(), [N|Visits]},
session(A, [N|Visits])
after 60000 -> %% keep state for 60 secs only
exit(normal)
end.
out(A) ->
H = A#arg.headers,
C = H#headers.cookie,
case yaws_api:find_cookie_val("foobar", C) of
[] ->
Now = calendar:local_time(),
P = spawn(fun() -> session(A, [Now]) end),
yaws_api:set_cookie("foobar",
pid_to_list(P), [{path,"/"}]);
PidStr ->
Pid = list_to_pid(PidStr),
case process_info(Pid, messages) of
undefined ->
Now = calendar:local_time(),
P = spawn(fun() ->
session(A, [Now])
end),
yaws_api:set_cookie("foobar",
pid_to_list(P),
[{path,"/"}]);
_ ->
ok
end
end.
</erl>
</pre></div>
<p>This is the page that set the cookie in the browser.
<a href="readcookie.html">readcookie.yaws</a> will
read the cookie and report persistent information as
long as the browser session exists.
<p> it will set the cookie
<tt>foobar = <x,y,z>; </tt> where the
x,y,z string is the textual representation of an
actual erlang pid which will be responsible for
this session.
</div>
<div class="logo">
<img src="/icons/yaws_pb.gif" alt="pbyaws" />
</div>
<p>
<a href="https://validator.w3.org/check?uri=referer"><img
src="https://www.w3.org/Icons/valid-xhtml10"
alt="Valid XHTML 1.0!" height="31" width="88" /></a>
</p>
</body>
</html>