Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
I have been studying up on cookies the last week or so and have gotten to know quite a bit about them and how to use them but there is one thing I am still unclear on.
I generate my HTML pages through a Perl script that puts together the content of a page and the HTML structure tags for me. Within this script I set a cookie.
Now let's say that a visitor comes along who has never been at my site before and that the page being requested has never been cached by any mechanism traversed by this visitor on the way to my site.
My server side script sets the cookie and generates the HTML page which is returned to the visitor. Along with being returned the page is now cached by a proxy along the way.
Now let's assume that another visitor comes along using the same basic traceroute to get to my site and that instead of getting a fresh copy (generated by my script) they now receive the cached copy.
Will the original HTTP header sent along with the first visitor's request be sent to the new visitor by the cache? Re-setting the SAME cookie for each new visitor (I want to set a fresh cookie for each visitor)?
Or will the HTML page itself without my cookie header (generated by my server side script) be sent from the cache?
I am somewhat confused as to whether HTTP headers like "Set-Cookie" end up being cached and sent along with the HTML page by cacheing mechanisms.
If I can keep the "Set-Cookie" header from being cached through an HTTP "no-cache" type of header then how do I set a new cookie for each visitor that is served up a cached copy of my page? Since my server side script that generates the page will not be called?
Very confusing trying to see in the dark...since so much of this happens behind the scenes.
Any insight on this would be appreciated.
- When caching HTTP, as a proxy server might do, the Set-cookie response header should never be cached.
- If a proxy server receives a response which contains a Set-cookie header, it should propagate the Set-cookie header to the client, regardless of whether the response was 304 (Not Modified) or 200 (OK).
Similarly, if a client request contains a Cookie: header, it should be forwarded through a proxy, even if the conditional If-modified-since request is being made.
There are many other standards of course, but the idea is to go to the authority on the subject. Many people and even experienced people, do not even realize what a standard is or can do for them.
As pointed out by Brett in post #4 [webmasterworld.com] in the orignal thread on Posting Code [webmasterworld.com] you might want to figure out whether the area you are researching is governed by any standard and then read that spec first. Comments may help understand the standard but never forget that in the end itīs the standard that is the authority, not what some author of some article thought it to be.
Thanks for the link to Netscape's cookie page but despite reading through it and other standards pages dealing with this area (like the HTTP 1.1 and CGI) I still don't get it. I'm sure it's something simple that I am missing and that the light will come on soon but...
I understand that a cookie header should not be cached (at least according to Netscape's original paper on this).
I understand that proxies and other cache mechanisms are supposed to keep an open channel of communication between the server sending an HTTP cookie header (i.e. "Set-Cookie: ...") and a client responding with a cookie when sending an HTTP request to the server.
What I don't understand is...
How does a cache send me back a cookie? Attached to the original URL?
Does a cache send a visitor a cached copy of my page content (which has been cached as a static page) while sending me the cookie?
For example let's say a visitor originally requests the URL www.nowhere123.com/contact.html (which internally calls my generating script to set a cookie and create contact.html).
Let's say the page is cached.
Now let's say that the visitor comes back another day and requests the same URL again.
The cached content of the page (now static in the cache) will be sent to the visitor from the cache. The cookie will be sent back to the server attached to a new HTTP URL (www.nowhere123.com/contact.html) request.
My generation script will be activated, generating a new cookie and a new page.
Will the new page overwrite the page the visitor is seeing from the cache? On their browser? Will my new cookie be sent through the cache mechanism to the visitor while my new page content will be dropped by the cache?
I just don't get it...yet.
It would seem that none of my script generated pages which set cookies will be cacheable. Since cookie use will cause the page to be re-generated on every cookie returned through the original URL.
Do I have this right?
Any further clarification would be appreciated.
I'm just starting out with cookies, I know the general info about them
and I am planning to use them in my Intranet site so I can track of
my users. Now I was just taking a look at some and I spotted that Webmaster World's cookie for logging in, the user name and password are in clear text. I was just wondering why.