Java script for removing session cookies. Cookies - installation

How to enable cookies and JavaScript?

Cookies ( English. cookies) is text information, in which they are usually stored individual settings user on a specific site. Used to save data on the user side, in practice it is usually used for:

• user authentication;
• storing personal preferences and user settings;
• tracking the state of the user's access session;
• maintaining statistics about users.

It cannot be accessed by any other site other than the one for which it was created. This information is not executable code and therefore does not pose any threat to the security of your computer. It usually takes up such an insignificant volume that it’s not worth mentioning.
HTTP Cookie

JavaScript is a tool that allows you to create simple dynamic elements or automation on your website. It is executed by the browser, just like text code web page has a fairly small and standardized set of capabilities, so when it is enabled, the security of the page remains virtually unchanged.
JavaScript

Our site requires JavaScript to be enabled and writability enabled. cookies. By default, both features are enabled and most users do not need to do anything special. If you have problems, it means that someone has customized your browser, disabling one or both of your features. To continue working with the site, you need to enable them.

Click the "Tools" button and select "Settings".

On the "Privacy" tab, in the "Firefox:" area, select the "will use your history settings" option
Uncheck the "Automatically start Firefox in private browsing" and check the boxes for the options: "Accept cookies from sites" and "Accept cookies from third-party sites", then click "OK"

In the window that appears, select “Content”. Make sure that the checkbox next to “Use JavaScript” is checked; if not, check it.

Now click the “OK” button and restart your browser.

Press the Menu button and select Settings.

On the Advanced tab, in the Cookies area, select the Accept cookies option.
In the "Content" area, check the "Enable JavaScript" checkbox.

Click the "OK" button and restart the browser.

Internet Explorer 8

Click the Tools button and select Internet Options.

Default functions JavaScript execution and the ability to write cookies are enabled and most users do not need to do anything special. Check your settings and restore them if necessary.

Click the Privacy tab and then in the Options area, click the Default button or set the slider as shown.
On the Security tab, repeat the same steps.

Click OK and restart your browser.

Click the "Settings and Google management Chrome" and select "Options"

JavaScript makes it possible to set and read cookies in the browser. In this lesson we will look at how to work with cookies, and also make simple page, which will remember the name you entered and display it every time you log in.

What are cookies?

Cookies are small amounts of data that are stored web browser. They allow you to store certain information about the user and retrieve it every time he visits your page. Each user has their own unique set of cookies.

Typically, cookies are used by the web server to perform functions such as tracking site visits, registration on the site, and storing information about orders or purchases. However, we don't need to invent a web server program to use cookies. We can use them with using JavaScript.

The document.cookie property.

IN JavaScript cookies accessible via the cookie property of the document object. You can create cookies as follows:

And get the entire saved set of cookies like this:

Var x = document.cookie;

Let's look at saving and retrieving cookies in more detail.

Saving cookies

To save cookies you need to assign document.cookie text string, which contains the cookie properties we want to create:

document.cookie = " name = value; expires = date; path = path; domain = domain; secure";

The properties are described in the table:

Property Description Example

name = value	Sets the cookie name and its value.	username=Vasya
expires= date	Sets the expiration date for cookies. The date must be in the format that is returned by the Date object's toGMTString() method. If expires is not specified, the cookie will be deleted when the browser is closed.	expires= 13/06/2003 00:00:00
path= path	This option sets the path on the site within which the cookie is valid. Only documents from specified path. Usually this property left blank, which means that only the document that set the cookie can access it.	path=/demo/
domain=domain	This option sets the domain within which the cookie operates. Only sites from the specified domain can receive the cookie value. Typically this property is left empty, which means that only the domain that set the cookie can access it.	domain=website
secure	This option tells the browser to use SSL to send cookies to the server. Very rarely used.	secure

Let's see an example of setting cookies:

document.cookie = "username=Vasya; expires=02/15/2011 00:00:00";

This code sets the username cookie and assigns it the value "Vasya", which will be stored until February 15, 2011 (European time format is used!).

var cookie_date = new Date(2003, 01, 15); document.cookie = "username=Vasya; expires=" + cookie_date.toGMTString();

This code does exactly the same thing as the previous example, but uses the Date.toGMTString() method to set the date. Please note that the month numbering in the Date object starts from 0, that is, February is 01.

Document.cookie = "logged_in=yes";

This code sets the logged_in cookie and sets it to "yes". Since the expires attribute is not set, the cookie will be deleted when the browser is closed.

var cookie_date = new Date(); // Current date and time cookie_date.setTime (cookie_date.getTime() - 1); document.cookie = "logged_in=; expires=" + cookie_date.toGMTString();

This code sets the logged_in cookie and sets the storage string to the time one second before the current time - this operation will immediately delete the cookie. Manual method delete cookies!

Recoding cookie value!

The cookie value should be recoded to correctly store and display characters such as space and colon. This operation ensures that the browser interprets the value correctly. Lego recoding in progress JavaScript function escape() . For example:

document.cookie = "username=" + escape("Vasya Pupkin") + "; expires=02/15/2003 00:00:00"; Function for setting cookies

Setting cookies will be easier if we write a special function that will perform simple operations such as recoding values ​​and constructing the document.cookie string. For example:

Function set_cookie (name, value, exp_y, exp_m, exp_d, path, domain, secure) ( var cookie_string = name + "=" + escape (value); if (exp_y) ( var expires = new Date (exp_y, exp_m, exp_d ); cookie_string += "; expires=" + expires.toGMTString(); ) if (path) cookie_string += "; path=" + escape (path); if (domain) cookie_string += "; domain=" + escape (domain); if (secure) cookie_string += "; secure"; document.cookie = cookie_string; )

The function takes the cookie data as arguments, then builds the appropriate string and sets the cookie.

For example, setting cookies without an expiration date:

set_cookie("username", "Vasya Pupkin"); set_cookie ("username", "Vasya Pupkin", 2011, 01, 15);

Setting cookies with a storage period, site domain, using SSL, but without a path:

set_cookie ("username", "Vasya Pupkin", 2003, 01, 15, "", "site", "secure"); Function for deleting cookies.

Other useful feature for working with cookies is presented below. The function "deletes" cookies from the browser by setting the expiration date to one second earlier than the current time value.

function delete_cookie (cookie_name) ( var cookie_date = new Date (); // Current date and time cookie_date.setTime (cookie_date.getTime() - 1); document.cookie = cookie_name += "=; expires=" + cookie_date.toGMTString (); )

To use this function, you only need to pass it the name of the cookie to be deleted:

Delete_cookie("username");

Getting the cookie value

In order to get the value of a pre-set cookie for the current document, you need to use the document.cookie property:

Var x = document.cookie;

This returns a string that consists of a list of name/value pairs separated by semicolons for everyone cookies that are valid for the current document. For example:

"username=Vasya; password=abc123"

IN in this example 2 cookies that were pre-set: username, which has the value "Vasya", and password, which has the value "abc123".

Function to get cookie value

Typically, we only need the value of one cookie at a time. Therefore, the cookie string is not convenient to use! Here's a function that processes the string document.cookies , returning only the cookies that are of interest at a particular moment:

Function get_cookie (cookie_name) ( var results = document.cookie.match ("(^|;) ?" + cookie_name + "=([^;]*)(;|$)"); if (results) return (unescape (results)); else return null; )

This function uses regular expression to look up the cookie name that is of interest, and then return the value, which is processed by unescape() to be re-encoded to normal character form. (If the cookie is not found, null is returned.)

This feature is easy to use. For example, to return the username cookie value:

Var x = get_cookie("username");

Simple usage example

In this example, we made a page that asks for your name on your first visit, then it saves your name in a cookie and displays it on subsequent visits.

Open the page in a new window. On your first visit, it will ask you to enter your name and save it in a cookie. If you visit the page again, it will display the cookie name you entered on the screen.

For cookies, we set the retention period to 1 year from the current date, this means that the browser will save your name even if you close it.

You can view the page code in your browser by selecting the view function source code. Here's the main part of the code:

if (! get_cookie ("username")) ( var username = prompt ("Please enter your name", ""); if (username) ( var current_date = new Date; var cookie_year = current_date.getFullYear () + 1; var cookie_month = current_date.getMonth(); var cookie_day = current_date.getDate(); set_cookie("username", username, cookie_year, cookie_month, cookie_day); ) ) else ( var username = get_cookie("username"); document.write ("Hello, " + username + ", welcome to the page!"); document.write("
Forget about me!"); }

This lesson showed you how to use cookies in JavaScript to store information about your visitors. Thank you for your attention! :)

As we have already said, every time the page is loaded and every time it is updated, the scripts begin to be executed anew. On the one hand, this is good, because... you don't have to worry about previous states script. But on the other hand, sometimes it is necessary to store data about previous actions or data entered by the user.

In JavaScript, there is only one mechanism that allows you to remember your state - cookies (translated from English as “cookies”). Where this name came from is now difficult to say, but it is generally accepted that the term cookies appeared at the dawn of the development of Unix and local networks.

A cookie is a small block of text that the browser saves to disk when the page is first loaded. On subsequent updates cookie pages will be automatically sent to the server along with a GET or POST request.

Cookies are typically used to store small pieces of data such as identifiers PHP sessions, temporary session keys, password hashes, etc. Maximum volume data that can be stored in one cookie is 4 KB, and average volume cookies are usually less than a kilobyte. You should not get carried away with storing data with cookies, because... they are sent to the server every time the page is refreshed. So if your page weighs 10 KB, and you saved all 4 KB in cookies, then your traffic will increase by almost one and a half times.

Any cookie contains several fields with fixed names:

expires	The date and time the cookie expires. Once this time is reached, it will no longer be sent to the server. If this parameter is not specified, the cookie is stored until the browser is closed. The parameter must always be specified in the format "Day, Day-Day-YYYY HH:MM:SS GMT", For example: This cookie will stop being sent to the server after 10 hours 10 minutes 10 seconds on January 20, 2010 GMT.
path	The path on the server for which this cookie will be used. If you want to set a cookie for the entire server, put "/"
domain	Domain name for which it is valid given cookie. This setting applies not only to the main domain, but also to all its subdomains
secure	The parameter determines whether an encrypted connection (HTTPS) should be used to transfer cookies. If not installed, a normal connection is used.

In addition to fixed fields, you can set your own. Elements are specified in the "NAME=VALUE" format, for example:

MYNAME=Uncle Vasya

Before requesting a page to the server, the browser checks to see if it already has a cookie from of this server(fields path and domain). If there are and their “expiration date” has not expired (the expires field), it sends the found data to the server. Outdated cookie browser When requesting a page, it simply ignores it.

Now let's look at how to work with cookies.

The only way to get to the current document's cookies is to use the built-in document.cookies object. This is essentially a string containing all the cookies, one after the other, separated by semicolons:

Name_1=value_1;name_2=value_2;.....

A new cookie is added by simply assigning a new value to the document.cookie object:

Document.cookie = "myname=deniska";

Please note that the reverse operation will not return the last cookie installed, but ALL cookies that correspond to this document:

Var list = document.cookie; // list now contains all the document's cookies

Let's look at a complex example and create several functions for manipulating cookies.

// getting a cookie at a given offset function GetValue (offset) ( var strEnd = document.cookie.indexOf (";", offset); if (strEnd == -1) strEnd = document.cookie.length; return unescape(document. cookie.substring(offset, strEnd)); ) //getting a cookie by name function GetCookie(name) ( var key = name + "="; var i = 0; while (i< document.cookie.length) { var j = i + key.length; if (document.cookie.substring(i, j) == key) return GetValue (j); i = document.cookie.indexOf(" ", i) + 1; if (i == 0) break; } return null; } // установка cookie по имени function SetCookie (name, value) { var argv = SetCookie.arguments; var argc = SetCookie.arguments.length; var expires = (argc >2) ? argv:null; var path = (argc > 3) ? argv:null; var domain = (argc > 4) ? argv:null; var secure = (argc > 5) ? argv: false; document.cookie = name + "=" + escape (value) + ((expires == null) ? "" : ("; expires=" + expires.toGMTString())) + ((path == null) ? " " : ("; path=" + path)) + ((domain == null) ? "" : ("; domain=" + domain)) + ((secure == true) ? "; secure"; : " "); ) // deleting one cookie function DeleteCookie(strName) ( document.cookie = strName + "=0; expires=" + (new Date(0)).toGMTString(); )

Now let's look at an example of using our functions:

var userName = GetCookie("username"); if (userName == null) ( // the user is not registered userName = "Guest"; ) else ( // retrieve the current page address pathName = location.pathname; // from the address we get the full domain name domain = pathName.substring(0, pathName.lastIndexOf("/")) +"/"; // get current date var expDate = new Date(); // set the "expiration date" of the cookie to a year expDate.setTime(expDate.getTime() + (365 * 24 * 3600 * 1000)); SetCookie("username",userName, expDate, domain); ) // display the username on the page document.write("

Hello, "+userName+"

");

As you can see, using cookies is quite simple. The main thing is to correctly form the appropriate parameter strings.

Currently, almost all browsers support cookies. Some users (about 2-4%) forcibly disable such support, although I personally don’t see anything dangerous in cookies. The maximum that enabled cookies can damage is that an attacker will be able to find out your username and password. mailbox, and even then - if you are too careless and start opening all sorts of postcards, jokes and other dangerous dirty tricks from the web interface of the mailer.

You can determine whether a user has cookies enabled or not using the following function:

// The function returns true if cookies enabled, // otherwise - false function IsCookieEnabled() ( // check the existence of the navigator.cookieEnabled property if(typeof(navigator.cookieEnabled) != "undefined") return navigator.cookieEnabled; else ( // if the navigator.cookieEnabled property / / is not supported, then we’ll just try // to set and get back the test cookie var tmpCookie = "testCookieForCheck"; SetCookie(tmpCookie, "1"); if(GetCookie(tmpCookie) != null) ( DeleteCookie(tmpCookie); return true; ) return false; ) )

Cookies provide many benefits. For example, when registering on websites, the registration form usually has a “remember me” checkbox. If you do not set it, the server stores a temporary cookie that is valid only until the browser is closed. But if you check the box, the server will save cookies with long term life, which means the next time you visit this site you will be automatically identified by previously saved data. A similar technique is used on most sites. Most browsers provide the ability to view and manage cookies. So you can go in at any time and see who saved what for you.

Saving the state of pages in some cases significantly facilitates site navigation and attracts potential visitors and clients, and this in turn contributes to the rapid promotion of the site. But most effective method– simultaneous saving of state both on the client side (using cookies) and on the server side (for example, using sessions).

Prepared by: Andrey Kosyak Date of publication: 12/22/2010

In the first article Cookies - we bake cookies, we looked at cookies from a long distance, so if you understand general concepts and the purpose of the cookies - you can start baking directly (I got the oven too), so we put on our cooking cap and come closer. Let's bake!

Art. Preparation

You already know that a cookie is a string, and you also know what a cookie looks like through the eyes of a browser. When installed in the browser, the cookie looks like the same line:

"cookieName = cookieValue; expires = Fri, 21 Jan 2021 06:10:00 GMT; path = /; domain = lessons.site; secure = true; "

The conditions for the existence of cookies are specified by five parameters (key=value pairs) (IMPORTANT! Each must be followed by a separator character ";"), consider them:

Cookie filling

"cookieName =cookieValue;" is the main cookie parameter; without it, the cookie loses its meaning. Here cookieName is the unique name for the cookie and cookieValue is the information (value) it will store. Looking ahead a little, I will say that the value can be anything, any structure of stored data that is convenient for you (even JSON), as well as any symbols. The only pair that is required when setting cookies.

Lifetime

"expires = Fri, 21 Jan 2021 06:10:00 GMT" - this pair, although optional, plays a very important role, along with the first. This parameter determines the lifetime of the cookie, namely, to the nearest second, on the specified date, the cookie will “live for a long time.” If this parameter is not specified, the cookie will only be valid for the duration of the session, which means that when the browser is closed, it will be deleted.

An important point is the date format. The date must be specified in text format ONLY (Fri, 21 Jan 2021 06:10:00 GMT). Again, looking ahead a little, I will say that the Date object will help us with this; it has all the necessary tools.

Installation path

"path =/" - this parameter specifies the path (directory) for which the cookie is valid. Now path has the value "/", this is nothing more than the root directory, so the cookie will be readable by absolutely all directories on the site. If access to the cookie should be limited, then we simply do not specify the path parameter or specify the general parent directory in it, and the cookie will be installed for a specific directory, but the specifics are such that the cookie will be available to all its subdirectories, at the same time - not visible to adjacent and parent directories.

What is this for? Let's imagine an elementary situation: an Internet cafe, first the user Vasya came and worked with his page on the social network, and after him Petya came and, on the same computer, on the same network, worked with his page. The participants' pages are located in the same domain, but, as a rule, are located in adjacent directories. For example: Vasya’s page is http://socset.com/vasya, Petya’s page is http://socset.com/petya. You can imagine what chaos there will be if cookies are installed in the root directory: Vasya will be able to operate with Petya’s cookies and vice versa. I think neither one nor the other will like this option. Therefore, in in this case, it would be appropriate if the cookies were bound only to the directory specific user, therefore, to all its subdirectories.

Domain

"domain = lessons.site" - this pair specifies the domain in which the cookies are valid. As a rule, it is rarely necessary to use it explicitly. The situation with this parameter is similar to the situation with the path parameter, with the difference that in Domain we operate with domains and subdomains and not directories. That is, in this case, cookies set for the lessons..site subdomain. If the parameter is not specified, then the default is used domain address document.

Safety

"secure =true" — security parameter. If this parameter is set to true, the browser will only send cookies to the server that requests them over a secure channel (SSL). This option is also rarely used. Defaults to false.

The first pancake is lumpy?

Now let's try to treat our browser with a cookie. The document.cookie object will help us with this:

Document.cookie = "firstCookie=First pancake lumpy?; expires=Fri, 21 Jan 2021 06:10:00 GMT; path=/;";

The result can be seen by opening the cookies section in your browser, or simply:

Document.cookie = "firstCookie=First pancake lumpy?; expires=Fri, 21 Jan 2021 06:10:00 GMT; path=/;"; alert(document.cookie);

And not lumpy at all! Everything is buzzing and in place.

The note

I would like to draw your attention to the peculiarity of WebKit browsers. They refuse to set cookies if the document is opened locally. In such cases I usually use local server, you will also need it when working with AJAX. Therefore, as they say, a must have! For example, Denwer (link at the end of the article).

More cookies

We sorted out one cookie. But what if you need to store, for example, data from a form (login, e-mail, phone number, etc.)? In this case, you can do this:

Document.cookie = "myLogin=My login; expires=Fri, 21 Jan 2021 06:10:00 GMT; path=/;"; document.cookie = " [email protected]; expires=Fri, 21 Jan 2021 06:10:00 GMT; path=/;"; document.cookie = "myPhone=1234567; expires=Fri, 21 Jan 2021 06:10:00 GMT; path=/;";

Thus, we have three cookies that store the login, respectively, email and phone number. But do you remember about the restrictions on the number of cookies from one domain, as well as their total number? This means that in this way we can only store limited quantity values ​​for fields. And if such a limitation “ties” our hands, we can do this:

Var formData = escape("My login; [email protected];1234567"); document.cookie = "myFormCookie="+formData+"; expires=Fri, 21 Jan 2021 06:10:00 GMT; path=/;";

As a result, we have 1 usable cookie space. I “glued” all the data into one variable and separated them with the symbol “;”, however, any symbol can be used as a separator inside the variable, this is our initiative, here we just need to make sure that this separator does not appear in the field values, otherwise difficulties will arise later when you need to read them. In this case, of course, you still need to remember about the cookie size limit (4kb).

Why escape function? It's quite simple, it encodes the cookie value into hexadecimal representation. For what? Firstly, the browser sends cookies to the server, and in order for the data to be read equally on servers under any system, this encoding is used. Secondly, if we use the delimiter ";" in a variable with field values, if we do not encode this string, then the cookie, at least, will simply not be set correctly, because the separator is ";" used to separate the parameters of the cookie itself. This point should be taken into account and, henceforth, used by default when transmitting information (cookies, AJAX).

"...and you can't stop time for a moment"

Now let's look at the expires parameter. The inconvenience is that until this moment we set the lifetime for cookies manually. But, in real conditions, this approach is practically not applicable. At a minimum, because with each subsequent visit to the site, the lifetime of cookies should be extended by some fixed line, which, in general, is justified and logical. Therefore, the Date object will completely help us in this matter:

Var formData = escape("My login; [email protected];1234567"); cookieExp = new Date(); // create a Date object cookieExp.setMonth(cookieExp.getMonth()+1); // set the current month and add another one to it document.cookie = "myFormCookie="+ formData+"; expires="+cookieExp.toGMTString()+"; path=/;";

With these actions, we set the cookie lifetime to exactly 1 month. I won’t go into detail about the Date object in this article, I’ll just describe the scheme for setting the date:

• line 2: declare cookieExp as a Date object. CookieExp now contains the current date;
• line 3: resetting to cookieExp of the month. Using the getMonth method, we retrieve the current month and add another one to it. As a result, the next month will be recorded in cookieExp;
• line 6: in this line we use the toGMTString() method to convert the date to text format;

So, depending on what lifetime you want to set for the cookie, you can use other Date object methods, from get/setMilliseconds() to get/setFullYear() (from getting/setting milliseconds to getting/setting year).

There is no point in demonstrating the remaining parameters; besides, their default values ​​in the vast majority of cases will suit you just fine.

Conclusion

As you can see, installing cookies is not something supernatural, you just need to remember (how many times I’m repeating myself :)) about the restrictions and everything will be tip-tip, well, or topi-top. The next material will be about how to get our cookies out of the oven. This is where you have to think a little.

Where to go

• next - Cookies - extraction
• previous -