The cookie component
Sets a cookie in the client browser, used for session management and storing user-related information.
This component creates a single cookie. Since cookies need to be set before the response body is sent to the client,
this component should be placed at the top of the page, before any other components that generate output.
After being set, a cookie can be accessed anywhere in your SQL code using the `sqlpage.cookie('cookie_name')` pseudo-function.
Top-level parameters
name | required | type | description |
---|---|---|---|
name | REQUIRED | TEXT |
The name of the cookie to set. |
domain | TEXT |
The domain for which the cookie will be sent. If not specified, the cookie will be sent for all domains. | |
expires | TIMESTAMP |
The date at which the cookie expires (either a timestamp or a date object). If not specified, the cookie will expire when the browser is closed. | |
http_only | BOOLEAN |
Whether the cookie should only be accessible via HTTP and not via client-side scripts. If not specified, the cookie will be accessible via both HTTP and client-side scripts. | |
max_age | INTEGER |
The maximum age of the cookie in seconds. number of seconds until the cookie expires. If both Expires and Max-Age are set, Max-Age has precedence. | |
path | TEXT |
The path for which the cookie will be sent. If not specified, the cookie will be sent for all paths. | |
remove | BOOLEAN |
Set to TRUE to remove the cookie from the client browser. When specified, other parameters are ignored. | |
same_site | TEXT |
Whether the cookie should only be sent for requests originating from the same site. See owasp.org/www-community/SameSite. `strict` is the recommended and default value, but you may want to set it to `lax` if you want your users to keep their session when they click on a link to your site from an external site. | |
secure | BOOLEAN |
Whether the cookie should only be sent over a secure (HTTPS) connection. Defaults to TRUE. | |
value | TEXT |
The value of the cookie to set. |
No data |
Examples
Create a cookie named username
with the value John Doe
...
SELECT 'cookie' as component,
'username' as name,
'John Doe' as value
FALSE AS secure; -- You can remove this if the site is served over HTTPS.
and then display the value of the cookie using the sqlpage.cookie
function:
SELECT 'text' as component,
'Your name is ' || COALESCE(sqlpage.cookie('username'), 'not known to us');