Web Browser Cookies

A cookie is an HTTP header, which is a key-value pair in the header fields section of an HTTP message.

The Set-Cookie and Cookie headers are used with cookies. The Cookie-request header is sent from the server in request for cookies on the client side. An example of a Cookie-request header is:

Set-Cookie: sessauth=44c46a10; expires=Wednesday, 27-Sep-2006
03:59:59 GMT

In this example, the server requests that the client store the following cookie:

sessauth=44c46a10

Everything after the first semi-colon contains additional information about the cookie, such as the expiration date. When the Adapter sees this header, it extracts the cookie sessauth=44c46a10 and returns it to the server on subsequent requests. The Adapter prepends a cookie header to the HTTP request, for example:

Cookie: sessauth=44c46a10

Each time the Adapter sends a request to the same server during a session, the cookie is sent along with the request.

Cookie Expiration Date Checking

The HTTPS Adapter checks time-limited cookies with expiration dates to ensure that they have not expired. If they have expired, the cookie is removed and is not resent to the originating server. As a result, the session state is removed.

The following standard expiration date formats are recognized by the HTTPS Adapter:

"Sun, 06 Nov 1994 08:49:37 GMT"            ;RFC 822, updated by RFC 1123
"Sunday, 06-Nov-94 08:49:37 GMT"         ;RFC 850, obsoleted by RFC 1036
"Sunday, 06-Nov-1994 08:49:37 GMT"                  ;RFC 1036
"Sun Nov  6 08:49:37 1994"                   ;ANSI C’s asctime()

If the expiration date is in another format, the Adapter does not recognize the expiration date. Instead, it treats the cookie as if it does not have an expiration date.