Session.SetCookie
SetCookie MethodUse this method to store a "cookie" as a key/value pair in the client browser.
| Method Prototype | Description |
|---|---|
| Public Sub SetCookie(name As String, value As String, expiration As Date=Nil, path As String="/", domain As String="", secure As Boolean=false, httpOnly As Boolean=false) | store a cookie on the client/browser |
| Parameter | Type | Description |
|---|---|---|
| name | String | cookie name (key) |
| value | String | cookie value |
| [expiration] | Date | date/time cookie should expire |
| [path] | String | URL path that can receive the cookie |
| [domain] | String | domain (or partial domain) that can receive the cookie |
| [secure] | String | if true, cookie will only be returned over HTTPS |
| [httpOnly] | String | if true, cookie will only be available to http requests |
Use the SetCookie method (also available as Session.SetCookie) to store a key/value pair, or "cookie," in the client's browser. This key/value pair can be retrieved later (under certain conditions), giving your web application a way to store a small bit of persistent data with a client.
Note that whether this cookie is actually stored, how long it is kept, and under what conditions it might be returned, are entirely up to the client software. The SetCookie method merely sets a header on the HTTP stream that should be interpreted as a request; the client may chose to ignore any or all such requests.
Some notes on the optional parameters:
Expiration: if not specified, then the cookie will expire at the end of the client's current session (typically, when the user closes that browser window).
Path: this defines the set of pages within the domain which may receive the given cookie value as part of the HTTP request. Note an important difference from PHP: if you do not specify path (or specify it as ""), then this value defaults to "/" — that is, the cookie will be sent with all requests to that domain. If you want it sent only to the current page, then specify "." instead.
Domain: if not specified, this will default to the current domain.
Secure: if true, the cookie will only be returned with HTTPS requests, not with ordinary HTTP requests. Defaults to False.
HttpOnly: if true (and if the client supports this), the cookie will only be sent with http requests; it will not be available in other ways (e.g. to JavaScripts). Defaults to False.