Long Term Cookies

Previous Table of Contents Next

Long Term Cookies

So far, the cookies you've set on the browser have been temporary: as soon as the browser is closed, the cookie disappears. When you're using cookies to save values among multiple pages on a forminstead of hidden HTML valuesusing temporary cookies is entirely appropriate. When a new browser is started, you don't want the cookie returned to the server because the user wouldn't be filling out the form starting in the middle; he or she would be starting at the beginning.

In some cases, you might like the cookie to hang around much longer. Perhaps you want the cookie to persist for days, weeks, or months after the browser is closed and restarted. Creating these cookies is easy with Perl's CGI module.

To set an expiration date for a cookie, you can use the -expires option when you create the cookie. The -expires option must be followed by a date that you want the cookie to expire. You can specify this date in several formats, as shown in Table 24.1.

Table 24.1. Formats for Cookie Expiration Dates




Number of seconds


30 seconds from now

Number of minutes


15 minutes from now

Number of hours


12 hours from now

Number of months


6 months from now

Number of years


1 year from now



Cookie expires immediately

Any negative time


Cookie expires immediately

A specific time

Saturday, 28-Aug-1999

22:51:05 GMT


When specifying an expiration time, you must follow the format listed in Table 24.1 exactly. All the other possible values are offsets from the current time, and the fully qualified time will be computed for you and sent to the browser.

This small program sets a cookie on the browser that expires in eight days:

#!/usr/bin/perl -w

use CGI qw(:all);

use strict;

my $cookie=cookie(-name => 'Favorite',

    -value => 'soft oatmeal raisin cookies',

    -expires => '+8d' );

# Transmit the cookie to the browser

print header(-cookie => $cookie);

Persistent cookies do not last indefinitely. That is, if you send a cookie to the browser and expect that the cookie will be around weeks, months, or years from now, you might be disappointed.

As you'll learn later in "Problems with Cookies," browsers don't have to store cookies. In fact, they don't have to accept your cookies at alland your CGI program is not informed that the cookies aren't kept.

Browsers can flush out their cookies at any time to make room for new cookies received from other sitesor for no reason at all. Some browsers can allow users to edit cookies or to add new ones.

Users can erase the cookies, either accidentally or on purpose. If the users install a new version of a browser or an operating system, the cookies can be wiped out or misplaced. Simply using a different browser can make the cookies seem to "disappear." The cookies are usually stored in a file when the browser isn't active, and that file can be edited by users, erased, or corrupted.

By the Way

If you're curious, most browsers store the cookies in files when they're not active, and usually they're just text files that you can view with an editor. Netscape stores the cookies in a file called cookies.txt under the user's home directory (which varies from system to system). Internet Explorer stores cookies under \Windows\Cookies.

Storing critical information in an HTTP cookie, therefore, is really not a good idea. Any information that you want to store persistently in a cookie should be easily replaceduser preferences, a replaceable entry key for a restricted web page, last-visited information, and so on.

    Previous Table of Contents Next
    © 2000- NIV