For Development HEAD DRAFTSearch (procedure/syntax/module):

Next: , Previous: , Up: Library modules - Utilities   [Contents][Index]

12.40 rfc.cookie - HTTP cookie handling

Module: rfc.cookie

Defines a set of functions to parse and construct a “cookie” information defined in RFC 6265.

Function: parse-cookie-string string :optional version

{rfc.cookie} Parse a cookie string string, which is the value of “Cookie” request header. Usually, the same information is available to CGI program via the environment variable HTTP_COOKIE.

If the cookie version is known, via “Cookie2” request header, the integer version must be passed to version. Otherwise, parse-cookie-string figures out the version from string.

The result has the following format.

((<name> <value> [:path <path>] [:domain <domain>] [:port <port>])

where <name> is the attribute name, and <value> is the corresponding value. If the attribute doesn’t have value, <value> is #f. (Note that it differs from the attribute having null value, "".) If the attribute has path, domain or port options, it is given as a form of keyword-value pair.

Note: To retrieve the value of a specific cookie conveniently, you can use rfc822-header-ref (see RFC822 message parsing).

Function: construct-cookie-string specs :optional version

{rfc.cookie} Given list of cookie specs, creates a cookie string suitable for Set-cookie2 or Set-cookie header.

Optional version argument specifies cookie protocol version. 0 for the old Netscape style format, and 1 for RFC2965 style format. When omitted, version 1 is assumed.

Each cookie spec has the following format.

(<name> <value> [:comment <comment>] [:comment-url <url>]
                [:discard <bool>] [:domain <domain>]
                [:max-age <age>] [:path <path>]
                [:port <port-list>] [:secure <bool>] [:http-only <bool>]
                [:version <version>] [:expires <date>])



A string. Name of the cookie.


Value of the cookie. May be a string, or #f if no value is needed.

<comment> <url> <domain> <path> <port-list>



Boolean value

<age> <version>



Either an integer (seconds since Epoch) or a formatted date string following the netscape cookie specification.

The attribute values are quoted appropriately. If the specified attribute is irrelevant for the version, it is ignored. So you can pass the same specs to generate both old-style and new-style cookie strings.

Return value is a list of cookie strings, each of which stands for each cookie. For old-style protocol (using Set-cookie header) you must send each of them by individual header. For new-style protocol (using Set-cookie2 header), you can join them with comma and send it at once. See RFC6265 for further details.

Some examples:

   `(("name" "foo" :domain "" :path "/"
                   :expires ,(+ (sys-time) 86400) :max-age 86400)))
 ⇒ ("name=foo;;Path=/;Max-age=86400")

   `(("name" "foo" :domain "" :path "/"
                   :expires ,(+ (sys-time) 86400) :max-age 86400))
 ("name=foo;;Path=/;Expires=Sun, 09-Sep-2001 01:46:40 GMT")

Next: , Previous: , Up: Library modules - Utilities   [Contents][Index]

For Development HEAD DRAFTSearch (procedure/syntax/module):