Servlet::Http::Cookie - HTTP cookie class


  my $cookie = Servlet::Http::Cookie->new($name, $value);

  my $clone = $cookie->clone();

  my $comment = $cookie->getComment();

  my $domain = $cookie->getDomain();

  my $seconds = $cookie->getMaxAge();

  my $name = $cookie->getName();

  my $path = $cookie->getPath();

  my $bool = $cookie->getSecure();

  my $value = $cookie->getValue();

  my $version = $cookie->getVersion();


This class represents a cookie, a small amount of information sent by a servlet to a Web browser, saved by the browser, and later sent back to the server. A cookie's value can uniquely identify a client, so cookies are commonly used for session management.

A cookie has a name, a single value, and optional attributes such as a comment, path and domain qualifiers, a maximum age, and a version number. Some Web browsers have bugs in how they handle the optional attributes, so use them sparingly to improve the interoperability of your servlets.

The servlet sends cookies to the browser by using the addCookie() method, which adds fields to the HTTP response headers to send cookies to the browser, one at a time. The browser is expected to support 20 cookies for each Web server, 300 cookies total, and may limit cookie size to 4 KB each.

The browser returns cookies to the servlet by adding fields to HTTP request headers. Cookies can be retrieved from a request by using the getCookies() method. Serveral cookies might have the same name but different path attributes.

Cookies affect the caching of the Web pages that use them. HTTP 1.0 does not cache pages that use cookies created with this class. This class does not support the cache control defined with HTTP 1.1.

This class supports both the Version 0 (by Netscape) and Version 1 (by RFC 2109) cookie specifications. By default, cookies are created using Version 0 to ensure the best interoperability.


new($name, $value)

Constructs an instance with the specified name and value.

The name must conform to RFC 2109. That means it can contain only ASCII alphanumeric characters and cannot contain commas, semicolons, or white space or begin with a $ character. The cookie's name cannot be changed after creation.

The value can be anything the server chooses to send. Its value is probably of interest only to the server. The cookie's value can be c hanged after creation with setValue().

By deafult, cookies are created according to the Netscape cookie specification. The version can be changed with setVersion().



the name of the cookie


the value of the cookie



if the cookie name contains illegal characters or is one of the tokens reserved for use by the cookie specification



Returns a copy of the object.


Returns the comment describing the purpose of the cookie, or undef if the cookie has no comment.


Returns the domain name for the cookie, in the form specified by RFC 2109.


Returns the maximum age of the cookie, specified in seconds. The default value is -1, indicating that the cookie will persist until client shutdown.


Returns the name of the cookie. The name cannot be changed after creation.


Returns the path on the server to which the browser returns the cookie. The cookie is visible to all subpaths on the server.


Returns true if the cookie can only be sent over a secure channel., or false if the cookie can be sent over any channel.


Returns the value of the cookie.


Returns the version of the cookie specification complied with by the cookie. Version 1 complies with RFC 2109, and version 0 complies with the original cookie specification drafted by Netscape. Cookies provided by a client use and identify the client's cookie version.


Specifies a comment that describes the cookie's purpose. Comments are not supported by Version 0 cookies.



the comment


Specifies the domain within which this cookie should be presented.

The form of the domain name is specified by RFC 2109. A domain name begins with a dot (, which means that the cookie is visible to servers in that domain only (, but not By default, cookies are only returned to the server that sent them.



the domain name within which the cookie is visible


Sets the maximum age of the cookie in seconds.

A positive value indicates that the cookie will expire after that many seconds have passed. Note that the value is the maximum age when the cookie will expire, not the cookie's current age.

A negative value means that the cookie is not stored persistently and will be deleted when the client exits. A zero value causes the cookie to be deleted.



the maximum age of the cookie in seconds


Specifies a server namespace for which the cookie is visible.

The cookie is visible to all the resources at or beneath the URI namespace specified by the path. A cookie's path must include the servlet that set the cookie in order to make the cookie visible to that servlet.



the uri path denoting the visible namespace for the cookie


Indicates to the if the cookie must be sent only over a secure channel or if it can be sent over any channel. The default is false.



a flag specifying the security requirement for cookie transmission


Assigns a new value to a cookie after the cookie is created. If a binary value is used, Base64 encoding the value is suggested.

With version 0 cookies, values should not contain white space, brackets, parentheses, equals signs, commas, double quotes, slashes, question marks, at signs, colons and semicolons. The behavior of clients in response to empty values is undefined.



the new value of the cookie


Sets the version of the cookie specification with which the cookie complies. Version 0 complies with the original Netscape cookie specification, Version 1 complies with RFC 2109. The default is 0.



the version number of the supported cookie specification




Brian Moseley,