HTTP headers | Set-Cookie
The HTTP header Set-Cookie is a response header and used to send cookies from the server to the user agent. So the user agent can send them back to the server later so the server can detect the user.
Syntax:
Set-Cookie: <cookie-name>=<cookie-value> | Expires=<date>
| Max-Age=<non-zero-digit> | Domain=<domain-value>
| Path=<path-value> | SameSite=Strict|Lax|none
Note: Using multiple directives are also possible.
Directives:
- <cookie-name>=<cookie-value>: The cookie name have to avoid this character ( ) @, ; : \ ” / [ ] ? = { } plus control characters, spaces, and tabs. It can be any US-ASCII characters.
- Expires=<date>: It is an optional directive that contains the expiry date of the cookie.
- Max-Age=<non-zero-digit>: It contains the life span in a digit of seconds format, zero or negative value will make the cookie expired immediately.
- Domain=<domain-value>: This directive defines the host where the cookie will be sent. It is an optional directive.
- Path=<path-value>: This directive define a path that must exist in the requested URL, else the browser can’t send the cookie header.
- SameSite=Strict|Lax|none: This directives providing some protection against cross-site request forgery attacks.
Example:
To check this Set-Cookie in action go to Inspect Element -> Network check the response header for Set-Cookie.
Supported Browsers: The browsers compatible with HTTP header Set-Cookie are listed below:
- Google Chrome
- Internet Explorer
- Firefox
- Safari
- Opera
Last Updated :
31 Oct, 2019
Like Article
Save Article
Share your thoughts in the comments
Please Login to comment...