perlknight has asked for the wisdom of the Perl Monks concerning the following question:

All, I am having problem setting cookie manually. Hoever, I have no problem setting it via CGI qw(:standard). But for my educational purppose, I would like to know why this piece of code is not setting my cookie.

#!/usr/bin/perl # example_5-1.cgi use strict; print qq(Content-type: text/html\n"); print qq(Set-Cookies: username=Fred Flinstone; ); print qq(expires=Mon, 01-May-2003 00:00:00 GMT; ); print qq(path=/); print qq(\n\n); print qq(A cookie has been set in your browser...<P>); print qq(<A HREF="example_5-2.cgi">); print qq(Click to view the cookie</A>);

here's the code that checks if the cookie is set:

#!/usr/bin/perl #example_5-2.cgi use strict; my ($key,$value) = split(/=/,$ENV{HTTP_COOKIE}); print qq(Content-type: text/html\n\n); print qq(The cookie <B>$key</B> contained <B>$value</B>);

When I call the code via my browser: http://localhost/cgi-bin/play/example_5-1.cgi this sets the cookie and http://localhost/cgi-bin/play/example_5-2.cgi this displays it, but the cookie is not displaying. I even check Konqueror for the cookie, but there's nothing there from localhost. Does any one see anything wrong with this? Thanks.

Replies are listed 'Best First'.
Re: cookie problem
by mattriff (Chaplain) on Apr 28, 2002 at 16:47 UTC
    In the sample above, you are setting a "Set-Cookies" header, which isn't quite the same as a "Set-Cookie" header. The singular version is correct.

    UPDATE: About the other idea being considered -- I was thinking, as growlf said, that the order of the headers shouldn't matter. I had a look through RFC2068 (the HTTP 1.1 specification) and, if the order matters, I surely can't find where that's defined.

    (Of course, I'm assuming here that the standard is being followed, which isn't always a good idea.)

    - Matt Riffle

      Ya gotta love them RFC's - look at RFC2109 for cookies actually.

      Thanks, "Set-Cookie" did the trick.
Re: cookie problem
by giulienk (Curate) on Apr 28, 2002 at 17:13 UTC
    I think you got a typo here:
    print qq(Content-type: text/html\n");
    What you really want is
    print qq(Content-type: text/html\n);
    without the trailing "


      Thanks, originally it wasn't there but after trying to get it to work, I must have made a type :-)
Re: cookie problem
by Chady (Priest) on Apr 28, 2002 at 16:31 UTC

    I'm not an HTTP expert, but I think that the Set-Cookie header should be sent before the content-type.

    He who asks will be a fool for five minutes, but he who doesn't ask will remain a fool for life.

    Chady |
      I believe that Chady is correct. To verify this, you might try
      lynx -dump -source http://localhost/cookie-via-CGI.cgi
      Since you said that the CGI method of setting the cookie works correctly, this lynx call would let you view the server headers (including the Set-Cookie portion) and in what order they appear when done "properly".
Re: cookie problem
by growlf (Pilgrim) on Apr 28, 2002 at 16:58 UTC
    You may want to look at this as well, but i believe Matt is completely correct. And no - the order of lines in the HTTP header (as pertains to cookies) is not important, however new-line characters inside the cookie may be - for many browsers.

Re: (newrisedesigns) cookie problem
by newrisedesigns (Curate) on Apr 29, 2002 at 03:04 UTC


    Unless this is just a test piece of code, or you are just trying to figure things out, 'Set-Cookie' method is the way to go.

    But, considering you'd probably want to get that cookie back sometime later, I suggest using

    It's well tested, and incredibly easy to use. Making setting and retreiving cookies a piece of cake (confectionary pun intended)

    Here's how you can modify your code:

    use strict; use CGI; use vars qw($q $c); $q = new CGI; $c = $q->cookie(-name=>"Username", -value=>"Fred Flintstone", -path=>" +/", -expires=>"+1d"); print $q->header(-cookie=>"$c");

    and you can retrieve by...

    use strict; use CGI; use vars qw($q $c); $q = new CGI; $c = $q->cookie("Username");

    IMO, is one of the best modules on CPAN. It's worth using.

    Hope this helps!

    Update: D'oh! I just noticed now that perlknight mentions that he has no trouble setting/retrieving cookies with CGI qw(standard). I seriously missed that.

    So, if anyone wants to know how perlknight could have done this with here you are.

    John J Reiser will double check post before replying
Re: cookie problem
by perlknight (Pilgrim) on Apr 29, 2002 at 15:43 UTC
    All, thanks for your help and since we're on the subject of cookie, then how do I clear the cookie? I noticed I can reset the cookie by just leaving the name/value to nothing or just by setting the expires date to expires? What would be the proper way of doing it? Thanks.
      To delete a cookie, set the cookie again with ALL the same parameters used to set it initially, including the same cookie name, path, domain, "secure" flag (if any of these were used), and an expiration date in the past. That should do the trick.

      But again, as someone else pointed out, this is also well-documented in the RFC. Or you can use the implementation to witness yourself what the cookie looks like when being deleted (i.e. re-set with exp. date in the past).