Cookie Management Guide
Overview
cHttpServerCookies provides complete Cookie management functionality:
- Parse cookies in requests
- Set cookies in responses
- Support all standard Cookie attributes (Domain, Path, Expires, Secure, HttpOnly, SameSite)
Core Classes
| Class Name | Description |
|---|---|
| cHttpServerCookies | Cookie collection management |
| cHttpServerCookieAttr | Individual cookie attributes |
Cookie Attributes Explained
cHttpServerCookieAttr
| Property | Type | Description |
|---|---|---|
| Value | String | Cookie value |
| Domain | String | Domain scope |
| Path | String | Path scope (default "/") |
| Expires | Variant | Expiration time |
| Secure | Boolean | HTTPS only transmission |
| HttpOnly | Boolean | Disable JavaScript access |
| SameSite | String | SameSite policy |
Quick Start
Reading Request Cookies
vb
Public Sub ShowCookie(ctx As cHttpServerContext)
    ' Echo the "username" cookie back to the caller, or report that it is absent.
    ' The cookie value comes from the client, so treat it as untrusted input.
    If Not ctx.Cookies.Exists("username") Then
        ctx.Response.Text "Cookie not found"
        Exit Sub
    End If

    Dim cookieValue As String
    cookieValue = ctx.Cookies.Cookie("username").Value
    ctx.Response.Text "Username: " & cookieValue
End Sub
Setting Response Cookies
vb
Public Sub SetCookie(ctx As cHttpServerContext)
    ' Demonstrates three ways of configuring response cookies through ctx.Cookies.

    ' Set simple cookie (only the value is assigned)
    ctx.Cookies.Cookie("username").Value = "John"

    ' Set cookie with expiration
    ' "abc123" is a sample value. This cookie sets neither HttpOnly nor Secure,
    ' so do not copy this pattern for a real credential; use the "session"
    ' pattern further down in this Sub instead.
    With ctx.Cookies.Cookie("token")
        .Value = "abc123"
        .Expires = DateAdd("d", 7, Now) ' Expires in 7 days
        .Path = "/"
    End With

    ' Set secure cookie
    ' NOTE(review): GenerateToken is defined elsewhere; it should return an
    ' unpredictable value - confirm.
    With ctx.Cookies.Cookie("session")
        .Value = GenerateToken()
        .HttpOnly = True ' Disable JS access
        .Secure = True ' HTTPS only
        .SameSite = "Strict" ' Not sent on cross-site requests (CSRF mitigation, not a full defence on its own)
        .Expires = DateAdd("h", 2, Now) ' Expires in 2 hours
    End With

    ctx.Response.Json Nothing, 0, "Cookie set"
End Sub
Deleting Cookies
vb
Public Sub DeleteCookie(ctx As cHttpServerContext)
    ' Ask the browser to drop the "username" cookie by sending it with an
    ' expiration date in the past.
    ' Browsers match cookies by name, Domain and Path: if the cookie was set
    ' with a non-default Path or Domain, assign the same values here, otherwise
    ' the original cookie is kept.
    ' This only removes the client's copy; any server-side state tied to the
    ' value has to be cleared separately.
    ctx.Cookies.Cookie("username").Expires = DateAdd("d", -1, Now)
    ctx.Response.Json Nothing, 0, "Cookie deleted"
End Sub
Complete Examples
Remember Login Feature
vb
' cAuthController.cls
' POST /login
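Public Sub Login(ctx As cHttpServerContext)
    ' Check the posted credentials, start a session and issue the "auth_token"
    ' cookie. With remember=true the cookie lasts 7 days, otherwise it is a
    ' session cookie that ends with the browser session.
    Dim username As String, password As String
    Dim remember As Boolean

    username = ctx.Request.Form("username")
    password = ctx.Request.Form("password")
    remember = (ctx.Request.Form("remember") = "true")

    ' Validate credentials. The failure message is deliberately the same for an
    ' unknown user and a wrong password, so it does not reveal which one failed.
    If Not ValidateUser(username, password) Then
        ctx.Response.Json Nothing, 1, "Invalid username or password"
        Exit Sub
    End If

    ' Generate token
    ' NOTE(review): GenerateToken is defined elsewhere; the token should be
    ' unpredictable and checked server-side by ValidateToken - confirm.
    Dim token As String
    token = GenerateToken(username)

    ' Set session
    ' NOTE(review): if the session layer can issue a fresh session id at login,
    ' do so here to avoid session fixation - not shown on this page.
    ctx.Session("user_id") = GetUserId(username)

    ' Set cookie
    With ctx.Cookies.Cookie("auth_token")
        .Value = token
        .Path = "/"
        .HttpOnly = True    ' Not readable from page scripts
        ' The token is a credential: only send it over HTTPS. Browsers discard
        ' Secure cookies set over plain HTTP, so serve this endpoint over HTTPS.
        .Secure = True
        .SameSite = "Lax"
        If remember Then
            ' Remember login: 7 days
            .Expires = DateAdd("d", 7, Now)
        Else
            ' Don't remember: expires when browser closes
            .Expires = Empty
        End If
    End With

    ctx.Response.Json Nothing, 0, "Login successful"
End Sub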
' GET /auto-login
Public Sub AutoLogin(ctx As cHttpServerContext)
    ' Re-establish the session from the "auth_token" cookie. Responds with 401
    ' when the cookie is missing or ValidateToken rejects it.

    ' Check cookie token
    If Not ctx.Cookies.Exists("auth_token") Then
        ctx.Response.State401 "Not logged in"
        Exit Sub
    End If

    ' The cookie value is client-supplied; nothing below trusts it until
    ' ValidateToken has accepted it.
    Dim token As String
    token = ctx.Cookies.Cookie("auth_token").Value

    ' Validate token
    ' NOTE(review): ValidateToken is defined elsewhere; it should check the
    ' token against server-side state (expiry, revocation) - confirm.
    If Not ValidateToken(token) Then
        ctx.Response.State401 "Session expired"
        Exit Sub
    End If

    ' Auto login successful: populate the session the same way Login does
    Dim username As String
    username = GetUsernameFromToken(token)
    ctx.Session("user_id") = GetUserId(username)
    ctx.Response.Json Nothing, 0, "Auto login successful"
End Sub
' GET /logout
Public Sub Logout(ctx As cHttpServerContext)
    ' End the server-side session and ask the browser to drop "auth_token".
    ' NOTE(review): the route comment above maps this to GET; a state-changing
    ' action is better exposed as POST so a cross-site link or image cannot
    ' trigger it.

    ' Clear session
    ctx.Session.Abandon

    ' Delete cookie
    ' Expiring the cookie only removes the browser's copy. If tokens are tracked
    ' server-side, revoke the token as well so a saved copy stops working
    ' (no revocation helper is shown on this page).
    ctx.Cookies.Cookie("auth_token").Expires = DateAdd("d", -1, Now)
    ctx.Response.Json Nothing, 0, "Logout successful"
End Sub
Multi-language Support
vb
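Public Sub SetLanguage(ctx As cHttpServerContext)
    ' Store the language requested in the "lang" query parameter in a
    ' "language" cookie that lasts one year.
    Dim lang As String
    lang = ctx.Request.QueryString("lang")

    ' The query string is untrusted and ends up in a Set-Cookie header and in
    ' the response message, so accept only tags shaped like "en" or "en-US".
    ' Replace the pattern with an explicit list if the application supports a
    ' fixed set of languages.
    If Not (lang Like "[a-z][a-z]" Or lang Like "[a-z][a-z]-[A-Z][A-Z]") Then
        ctx.Response.Json Nothing, 1, "Unsupported language"
        Exit Sub
    End If

    ' Set language cookie, expires in 1 year
    With ctx.Cookies.Cookie("language")
        .Value = lang
        .Path = "/"
        .Expires = DateAdd("yyyy", 1, Now)
    End With

    ctx.Response.Json Nothing, 0, "Language set: " & lang
End Sub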
Public Sub GetLanguage(ctx As cHttpServerContext)
    ' Return the language stored in the "language" cookie as JSON, falling back
    ' to "en-US" when the cookie is absent.
    ' The cookie value is client-controlled; validate it before using it for
    ' anything other than echoing it back (for example selecting a resource).
    Dim payload As New Scripting.Dictionary
    Dim lang As String

    ' Start from the default language, then prefer the cookie when present
    lang = "en-US"
    If ctx.Cookies.Exists("language") Then lang = ctx.Cookies.Cookie("language").Value

    payload("language") = lang
    ctx.Response.Json payload
End Sub
SameSite Attribute Explained
| Value | Description | Use Case |
|---|---|---|
| Strict | Only same-site requests send cookie | High security (banking, payment) |
| Lax | Sent on top-level navigation, not iframe/images | Balance security and UX (recommended) |
| None | Sent on all requests (requires Secure) | Cross-site needs (OAuth) |
vb
' Strict - Most strict: the cookie is only sent on same-site requests
ctx.Cookies.Cookie("high_security").SameSite = "Strict"
' Lax - Recommended: also sent on top-level navigation from another site
ctx.Cookies.Cookie("session").SameSite = "Lax"
' None - Cross-site required: the cookie is sent on all requests, so it gets no
' SameSite protection against cross-site request forgery
ctx.Cookies.Cookie("oauth_state").SameSite = "None"
ctx.Cookies.Cookie("oauth_state").Secure = True ' None requires Secure
Cookie Security Recommendations
vb
' Security configuration example
With ctx.Cookies.Cookie("session_id")
    ' Store encrypted value
    ' NOTE(review): Encrypt and sessionValue are defined elsewhere. Encryption
    ' alone does not stop a client from altering the value unless it is also
    ' authenticated; an opaque random id looked up server-side keeps the data
    ' out of the cookie altogether.
    .Value = Encrypt(sessionValue)
    ' Path restriction
    .Path = "/api" ' Only sent under /api path
    ' Domain scope: setting Domain widens the cookie to example.com and all of
    ' its subdomains. Omit the Domain attribute unless that sharing is needed;
    ' browsers then keep the cookie bound to the issuing host.
    .Domain = ".example.com" ' Subdomain sharing
    ' HTTPS transmission
    .Secure = True
    ' Disable JS access
    .HttpOnly = True
    ' Not sent on cross-site requests (CSRF mitigation, not a full defence on its own)
    .SameSite = "Strict"
    ' Reasonable expiration time
    .Expires = DateAdd("h", 2, Now) ' 2 hours
End With
Last Updated: 2026-05-17