Sets a cookie in the client browser, used for session management and storing user-related information.
This component creates a single cookie. Since cookies need to be set before the response body is sent to the client,
this component should be placed at the top of the page, before any other components that generate output.
After being set, a cookie can be accessed anywhere in your SQL code using the sqlpage.cookie('cookie_name') pseudo-function.
Note that if your site is accessed over HTTP (and not HTTPS), you have to set false as secure to force browsers to accept your cookies.
Top-level parameters
name
required
type
description
name
REQUIRED
TEXT
The name of the cookie to set.
domain
TEXT
The domain for which the cookie will be sent. If not specified, the cookie will be sent for all domains.
expires
TIMESTAMP
The date at which the cookie expires (either a timestamp or a date object). If not specified, the cookie will expire when the browser is closed.
http_only
BOOLEAN
Whether the cookie should only be accessible via HTTP and not via client-side scripts. If not specified, the cookie will be accessible via both HTTP and client-side scripts.
max_age
INTEGER
The maximum age of the cookie in seconds. number of seconds until the cookie expires. If both Expires and Max-Age are set, Max-Age has precedence.
path
TEXT
The path for which the cookie will be sent. If not specified, the cookie will be sent for all paths.
remove
BOOLEAN
Set to TRUE to remove the cookie from the client browser. When specified, other parameters are ignored.
same_site
TEXT
Whether the cookie should only be sent for requests originating from the same site. See owasp.org/www-community/SameSite. `strict` is the recommended and default value, but you may want to set it to `lax` if you want your users to keep their session when they click on a link to your site from an external site.
secure
BOOLEAN
Whether the cookie should only be sent over a secure (HTTPS) connection. Defaults to TRUE.
value
TEXT
The value of the cookie to set.
No data
Examples
Create a cookie named username with the value John Doe...
SELECT 'cookie' as component,
'username' as name,
'John Doe' as value
FALSE AS secure; -- You can remove this if the site is served over HTTPS.
and then display the value of the cookie using the sqlpage.cookie function:
SELECT 'text' as component,
'Your name is ' || COALESCE(sqlpage.cookie('username'), 'not known to us');