Commit | Line | Data |
3fea05b9 |
1 | .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.3 |
2 | .\" |
3 | .\" Standard preamble: |
4 | .\" ======================================================================== |
5 | .de Sh \" Subsection heading |
6 | .br |
7 | .if t .Sp |
8 | .ne 5 |
9 | .PP |
10 | \fB\\$1\fR |
11 | .PP |
12 | .. |
13 | .de Sp \" Vertical space (when we can't use .PP) |
14 | .if t .sp .5v |
15 | .if n .sp |
16 | .. |
17 | .de Vb \" Begin verbatim text |
18 | .ft CW |
19 | .nf |
20 | .ne \\$1 |
21 | .. |
22 | .de Ve \" End verbatim text |
23 | .ft R |
24 | .fi |
25 | .. |
26 | .\" Set up some character translations and predefined strings. \*(-- will |
27 | .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left |
28 | .\" double quote, and \*(R" will give a right double quote. | will give a |
29 | .\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to |
30 | .\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' |
31 | .\" expand to `' in nroff, nothing in troff, for use with C<>. |
32 | .tr \(*W-|\(bv\*(Tr |
33 | .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' |
34 | .ie n \{\ |
35 | . ds -- \(*W- |
36 | . ds PI pi |
37 | . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch |
38 | . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch |
39 | . ds L" "" |
40 | . ds R" "" |
41 | . ds C` "" |
42 | . ds C' "" |
43 | 'br\} |
44 | .el\{\ |
45 | . ds -- \|\(em\| |
46 | . ds PI \(*p |
47 | . ds L" `` |
48 | . ds R" '' |
49 | 'br\} |
50 | .\" |
51 | .\" If the F register is turned on, we'll generate index entries on stderr for |
52 | .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index |
53 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
54 | .\" output yourself in some meaningful fashion. |
55 | .if \nF \{\ |
56 | . de IX |
57 | . tm Index:\\$1\t\\n%\t"\\$2" |
58 | .. |
59 | . nr % 0 |
60 | . rr F |
61 | .\} |
62 | .\" |
63 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
64 | .\" way too many mistakes in technical documents. |
65 | .hy 0 |
66 | .if n .na |
67 | .\" |
68 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
69 | .\" Fear. Run. Save yourself. No user-serviceable parts. |
70 | . \" fudge factors for nroff and troff |
71 | .if n \{\ |
72 | . ds #H 0 |
73 | . ds #V .8m |
74 | . ds #F .3m |
75 | . ds #[ \f1 |
76 | . ds #] \fP |
77 | .\} |
78 | .if t \{\ |
79 | . ds #H ((1u-(\\\\n(.fu%2u))*.13m) |
80 | . ds #V .6m |
81 | . ds #F 0 |
82 | . ds #[ \& |
83 | . ds #] \& |
84 | .\} |
85 | . \" simple accents for nroff and troff |
86 | .if n \{\ |
87 | . ds ' \& |
88 | . ds ` \& |
89 | . ds ^ \& |
90 | . ds , \& |
91 | . ds ~ ~ |
92 | . ds / |
93 | .\} |
94 | .if t \{\ |
95 | . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" |
96 | . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' |
97 | . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' |
98 | . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' |
99 | . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' |
100 | . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' |
101 | .\} |
102 | . \" troff and (daisy-wheel) nroff accents |
103 | .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' |
104 | .ds 8 \h'\*(#H'\(*b\h'-\*(#H' |
105 | .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] |
106 | .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' |
107 | .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' |
108 | .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] |
109 | .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] |
110 | .ds ae a\h'-(\w'a'u*4/10)'e |
111 | .ds Ae A\h'-(\w'A'u*4/10)'E |
112 | . \" corrections for vroff |
113 | .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' |
114 | .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' |
115 | . \" for low resolution devices (crt and lpr) |
116 | .if \n(.H>23 .if \n(.V>19 \ |
117 | \{\ |
118 | . ds : e |
119 | . ds 8 ss |
120 | . ds o a |
121 | . ds d- d\h'-1'\(ga |
122 | . ds D- D\h'-1'\(hy |
123 | . ds th \o'bp' |
124 | . ds Th \o'LP' |
125 | . ds ae ae |
126 | . ds Ae AE |
127 | .\} |
128 | .rm #[ #] #H #V #F C |
129 | .\" ======================================================================== |
130 | .\" |
131 | .IX Title "CGI::Simple::Cookie 3" |
132 | .TH CGI::Simple::Cookie 3 "2009-05-31" "perl v5.8.7" "User Contributed Perl Documentation" |
133 | .SH "NAME" |
134 | CGI::Simple::Cookie \- Interface to browse cookies |
135 | .SH "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
137 | .Vb 2 |
138 | \& use CGI::Simple::Standard qw(header); |
139 | \& use CGI::Simple::Cookie; |
140 | .Ve |
141 | .PP |
142 | .Vb 7 |
143 | \& # Create new cookies and send them |
144 | \& $cookie1 = new CGI::Simple::Cookie( \-name=>'ID', \-value=>123456 ); |
145 | \& $cookie2 = new CGI::Simple::Cookie( \-name=>'preferences', |
146 | \& \-value=>{ font => Helvetica, |
147 | \& size => 12 } |
148 | \& ); |
149 | \& print header( \-cookie=>[$cookie1,$cookie2] ); |
150 | .Ve |
151 | .PP |
152 | .Vb 3 |
153 | \& # fetch existing cookies |
154 | \& %cookies = fetch CGI::Simple::Cookie; |
155 | \& $id = $cookies{'ID'}\->value; |
156 | .Ve |
157 | .PP |
158 | .Vb 2 |
159 | \& # create cookies returned from an external source |
160 | \& %cookies = parse CGI::Simple::Cookie($ENV{COOKIE}); |
161 | .Ve |
162 | .SH "DESCRIPTION" |
163 | .IX Header "DESCRIPTION" |
164 | CGI::Simple::Cookie is an interface to \s-1HTTP/1\s0.1 cookies, a mechanism |
165 | that allows Web servers to store persistent information on the browser's |
166 | side of the connection. Although CGI::Simple::Cookie is intended to be |
167 | used in conjunction with CGI::Simple.pm (and is in fact used by it |
168 | internally), you can use this module independently. |
169 | .PP |
170 | For full information on cookies see: |
171 | .PP |
172 | .Vb 1 |
173 | \& http://www.ics.uci.edu/pub/ietf/http/rfc2109.txt |
174 | .Ve |
175 | .SH "USING CGI::Simple::Cookie" |
176 | .IX Header "USING CGI::Simple::Cookie" |
177 | CGI::Simple::Cookie is object oriented. Each cookie object has a name |
178 | and a value. The name is any scalar value. The value is any scalar or |
179 | array value (associative arrays are also allowed). Cookies also have |
180 | several optional attributes, including: |
181 | .IP "\fB1. expiration date\fR" 4 |
182 | .IX Item "1. expiration date" |
183 | The expiration date tells the browser how long to hang on to the |
184 | cookie. If the cookie specifies an expiration date in the future, the |
185 | browser will store the cookie information in a disk file and return it |
186 | to the server every time the user reconnects (until the expiration |
187 | date is reached). If the cookie species an expiration date in the |
188 | past, the browser will remove the cookie from the disk file. If the |
189 | expiration date is not specified, the cookie will persist only until |
190 | the user quits the browser. |
191 | .IP "\fB2. domain\fR" 4 |
192 | .IX Item "2. domain" |
193 | This is a partial or complete domain name for which the cookie is |
194 | valid. The browser will return the cookie to any host that matches |
195 | the partial domain name. For example, if you specify a domain name |
196 | of \*(L".capricorn.com\*(R", then the browser will return the cookie to |
197 | web servers running on any of the machines \*(L"www.capricorn.com\*(R", |
198 | \&\*(L"ftp.capricorn.com\*(R", \*(L"feckless.capricorn.com\*(R", etc. Domain names |
199 | must contain at least two periods to prevent attempts to match |
200 | on top level domains like \*(L".edu\*(R". If no domain is specified, then |
201 | the browser will only return the cookie to servers on the host the |
202 | cookie originated from. |
203 | .IP "\fB3. path\fR" 4 |
204 | .IX Item "3. path" |
205 | If you provide a cookie path attribute, the browser will check it |
206 | against your script's \s-1URL\s0 before returning the cookie. For example, |
207 | if you specify the path \*(L"/cgi\-bin\*(R", then the cookie will be returned |
208 | to each of the scripts \*(L"/cgi\-bin/tally.pl\*(R", \*(L"/cgi\-bin/order.pl\*(R", and |
209 | \&\*(L"/cgi\-bin/customer_service/complain.pl\*(R", but not to the script |
210 | \&\*(L"/cgi\-private/site_admin.pl\*(R". By default, the path is set to \*(L"/\*(R", so |
211 | that all scripts at your site will receive the cookie. |
212 | .IP "\fB4. secure flag\fR" 4 |
213 | .IX Item "4. secure flag" |
214 | If the \*(L"secure\*(R" attribute is set, the cookie will only be sent to your |
215 | script if the \s-1CGI\s0 request is occurring on a secure channel, such as \s-1SSL\s0. |
216 | .IP "\fB4. HttpOnly flag\fR" 4 |
217 | .IX Item "4. HttpOnly flag" |
218 | If the \*(L"httponly\*(R" attribute is set, the cookie will only be accessible |
219 | through \s-1HTTP\s0 Requests. This cookie will be inaccessible via JavaScript |
220 | (to prevent \s-1XSS\s0 attacks). |
221 | .Sp |
222 | See this \s-1URL\s0 for more information including supported browsers: |
223 | .Sp |
224 | <http://www.owasp.org/index.php/HTTPOnly> |
225 | .Sh "Creating New Cookies" |
226 | .IX Subsection "Creating New Cookies" |
227 | .Vb 7 |
228 | \& $c = new CGI::Simple::Cookie( \-name => 'foo', |
229 | \& \-value => 'bar', |
230 | \& \-expires => '+3M', |
231 | \& \-domain => '.capricorn.com', |
232 | \& \-path => '/cgi\-bin/database', |
233 | \& \-secure => 1 |
234 | \& ); |
235 | .Ve |
236 | .PP |
237 | Create cookies from scratch with the \fBnew\fR method. The \fB\-name\fR and |
238 | \&\fB\-value\fR parameters are required. The name must be a scalar value. |
239 | The value can be a scalar, an array reference, or a hash reference. |
240 | (At some point in the future cookies will support one of the Perl |
241 | object serialization protocols for full generality). |
242 | .PP |
243 | \&\fB\-expires\fR accepts any of the relative or absolute date formats |
244 | recognized by CGI::Simple.pm, for example \*(L"+3M\*(R" for three months in the |
245 | future. See CGI::Simple.pm's documentation for details. |
246 | .PP |
247 | \&\fB\-domain\fR points to a domain name or to a fully qualified host name. |
248 | If not specified, the cookie will be returned only to the Web server |
249 | that created it. |
250 | .PP |
251 | \&\fB\-path\fR points to a partial \s-1URL\s0 on the current server. The cookie |
252 | will be returned to all URLs beginning with the specified path. If |
253 | not specified, it defaults to '/', which returns the cookie to all |
254 | pages at your site. |
255 | .PP |
256 | \&\fB\-secure\fR if set to a true value instructs the browser to return the |
257 | cookie only when a cryptographic protocol is in use. |
258 | .PP |
259 | \&\fB\-httponly\fR if set to a true value, the cookie will not be accessible |
260 | via JavaScript. |
261 | .Sh "Sending the Cookie to the Browser" |
262 | .IX Subsection "Sending the Cookie to the Browser" |
263 | Within a \s-1CGI\s0 script you can send a cookie to the browser by creating |
264 | one or more Set\-Cookie: fields in the \s-1HTTP\s0 header. Here is a typical |
265 | sequence: |
266 | .PP |
267 | .Vb 4 |
268 | \& $c = new CGI::Simple::Cookie( \-name => 'foo', |
269 | \& \-value => ['bar','baz'], |
270 | \& \-expires => '+3M' |
271 | \& ); |
272 | .Ve |
273 | .PP |
274 | .Vb 2 |
275 | \& print "Set\-Cookie: $c\en"; |
276 | \& print "Content\-Type: text/html\en\en"; |
277 | .Ve |
278 | .PP |
279 | To send more than one cookie, create several Set\-Cookie: fields. |
280 | Alternatively, you may concatenate the cookies together with \*(L"; \*(R" and |
281 | send them in one field. |
282 | .PP |
283 | If you are using CGI::Simple.pm, you send cookies by providing a \-cookie |
284 | argument to the \fIheader()\fR method: |
285 | .PP |
286 | .Vb 1 |
287 | \& print header( \-cookie=>$c ); |
288 | .Ve |
289 | .PP |
290 | Mod_perl users can set cookies using the request object's \fIheader_out()\fR |
291 | method: |
292 | .PP |
293 | .Vb 1 |
294 | \& $r\->header_out('Set\-Cookie',$c); |
295 | .Ve |
296 | .PP |
297 | Internally, Cookie overloads the "" operator to call its \fIas_string()\fR |
298 | method when incorporated into the \s-1HTTP\s0 header. \fIas_string()\fR turns the |
299 | Cookie's internal representation into an RFC-compliant text |
300 | representation. You may call \fIas_string()\fR yourself if you prefer: |
301 | .PP |
302 | .Vb 1 |
303 | \& print "Set\-Cookie: ",$c\->as_string,"\en"; |
304 | .Ve |
305 | .Sh "Recovering Previous Cookies" |
306 | .IX Subsection "Recovering Previous Cookies" |
307 | .Vb 1 |
308 | \& %cookies = fetch CGI::Simple::Cookie; |
309 | .Ve |
310 | .PP |
311 | \&\fBfetch\fR returns an associative array consisting of all cookies |
312 | returned by the browser. The keys of the array are the cookie names. You |
313 | can iterate through the cookies this way: |
314 | .PP |
315 | .Vb 4 |
316 | \& %cookies = fetch CGI::Simple::Cookie; |
317 | \& foreach (keys %cookies) { |
318 | \& do_something($cookies{$_}); |
319 | \& } |
320 | .Ve |
321 | .PP |
322 | In a scalar context, \fIfetch()\fR returns a hash reference, which may be more |
323 | efficient if you are manipulating multiple cookies. |
324 | .PP |
325 | CGI::Simple.pm uses the \s-1URL\s0 escaping methods to save and restore reserved |
326 | characters in its cookies. If you are trying to retrieve a cookie set by |
327 | a foreign server, this escaping method may trip you up. Use \fIraw_fetch()\fR |
328 | instead, which has the same semantics as \fIfetch()\fR, but performs no unescaping. |
329 | .PP |
330 | You may also retrieve cookies that were stored in some external |
331 | form using the \fIparse()\fR class method: |
332 | .PP |
333 | .Vb 2 |
334 | \& $COOKIES = `cat /usr/tmp/Cookie_stash`; |
335 | \& %cookies = parse CGI::Simple::Cookie($COOKIES); |
336 | .Ve |
337 | .Sh "Manipulating Cookies" |
338 | .IX Subsection "Manipulating Cookies" |
339 | Cookie objects have a series of accessor methods to get and set cookie |
340 | attributes. Each accessor has a similar syntax. Called without |
341 | arguments, the accessor returns the current value of the attribute. |
342 | Called with an argument, the accessor changes the attribute and |
343 | returns its new value. |
344 | .IP "\fB\f(BIname()\fB\fR" 4 |
345 | .IX Item "name()" |
346 | Get or set the cookie's name. Example: |
347 | .Sp |
348 | .Vb 2 |
349 | \& $name = $c\->name; |
350 | \& $new_name = $c\->name('fred'); |
351 | .Ve |
352 | .IP "\fB\f(BIvalue()\fB\fR" 4 |
353 | .IX Item "value()" |
354 | Get or set the cookie's value. Example: |
355 | .Sp |
356 | .Vb 2 |
357 | \& $value = $c\->value; |
358 | \& @new_value = $c\->value(['a','b','c','d']); |
359 | .Ve |
360 | .Sp |
361 | \&\fB\f(BIvalue()\fB\fR is context sensitive. In a list context it will return |
362 | the current value of the cookie as an array. In a scalar context it |
363 | will return the \fBfirst\fR value of a multivalued cookie. |
364 | .IP "\fB\f(BIdomain()\fB\fR" 4 |
365 | .IX Item "domain()" |
366 | Get or set the cookie's domain. |
367 | .IP "\fB\f(BIpath()\fB\fR" 4 |
368 | .IX Item "path()" |
369 | Get or set the cookie's path. |
370 | .IP "\fB\f(BIexpires()\fB\fR" 4 |
371 | .IX Item "expires()" |
372 | Get or set the cookie's expiration time. |
373 | .IP "\fB\f(BIsecure()\fB\fR" 4 |
374 | .IX Item "secure()" |
375 | Get or set the cookie's secure flag. |
376 | .IP "\fB\f(BIhttponly()\fB\fR" 4 |
377 | .IX Item "httponly()" |
378 | Get or set the cookie's HttpOnly flag. |
379 | .SH "AUTHOR INFORMATION" |
380 | .IX Header "AUTHOR INFORMATION" |
381 | Original version copyright 1997\-1998, Lincoln D. Stein. All rights reserved. |
382 | Originally copyright 2001 Dr James Freeman <jfreeman@tassie.net.au> |
383 | This release by Andy Armstrong <andy@hexten.net> |
384 | .PP |
385 | This library is free software; you can redistribute it and/or modify |
386 | it under the same terms as Perl itself. |
387 | .PP |
388 | Address bug reports and comments to: andy@hexten.net |
389 | .SH "BUGS" |
390 | .IX Header "BUGS" |
391 | This section intentionally left blank :\-) |
392 | .SH "SEE ALSO" |
393 | .IX Header "SEE ALSO" |
394 | CGI::Carp, CGI::Simple |