HTTP headers | Set-Cookie2

The HTTP Set-cookie2 is response type header and it is obsoleted. It is a provider of the mechanism to serve and retrieve state information from the client to the server. The usage of this command is usually replaced by the set cookie instead of the set cookie2. The usage of this command cookie2 is obsoleted by the RFC 6265.


Set-Cookie2: <cookie-name>=<cookie-value> | Comment=<value> | Domain=<domain-value> | 
Max-Age=<non-zero-digit> | Path=<path-value> | Discard | Secure 

Note: Using multiple directives is also possible just need to separate them by using colon “;” and multiple cookies are separated by comma “,”.


  • <cookie-name>=<cookie-value>: <cookie-name> is referred to the name of the cookie and the <cookie-value> is referred to the value of that particular cookie. If the names having $ as the starting can not be used by any of the applications available on the computer.
  • Comment=<value>: The <value> assigned to the Comment allows the server to document how it intends to use the cookie, as cookies are used for the retrieve or store the data.
  • Domain=<domain-value>: This directive defines the host where the cookie will be sent. It is an optional directive.
  • Path=<path-value>: This value assigned to the cookie specifies all the sets of the URLs on the origin server to which the cookie has been applied.
  • Max-Age=<non-zero-digit>: This constraint takes the value in delta-seconds i.e. the lifetime of the cookie in the number of the seconds, which is a decimal non-negative integer. If this life is greater than that of delta-seconds that means the user should discard the cookie.
  • Discard: This code deletes/discards the cookie by instructing the user-agent to discard it. It is deleted as soon as the user-agent terminates.
  • Secure: This constraint in default manner when written will send back the cookie directly to the origin server without any deviations, in order to maintain the confidentiality and privacy.

Example: This type of Set-cookie you may not found in the Header section of the Inspect Element of Network because it was Obsolete by the RFC 6265. Please avoid using it.

Set-Cookie2:Student="David"; Max-Age=12885; Path="/asdf"; Secure

Supported Browsers: The browsers are not compatible with HTTP header Set-Cookie2. The HTTP header Set-Cokkie2 was replaced by the HTTP header Set-Cookie.

My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using or mail your article to See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.