The cookie component

Sets a cookie in the client browser, used for session management and storing user-related information.

    This component creates a single cookie. Since cookies need to be set before the response body is sent to the client,
    this component should be placed at the top of the page, before any other components that generate output.
    
    After being set, a cookie can be accessed anywhere in your SQL code using the `sqlpage.cookie('cookie_name')` pseudo-function.

Top-level parameters

name

REQUIRED. The name of the cookie to set.
TEXT

domain

The domain for which the cookie will be sent. If not specified, the cookie will be sent for all domains.
TEXT

expires

The date at which the cookie expires (either a timestamp or a date object). If not specified, the cookie will expire when the browser is closed.
TIMESTAMP

http_only

Whether the cookie should only be accessible via HTTP and not via client-side scripts. If not specified, the cookie will be accessible via both HTTP and client-side scripts.
BOOLEAN

max_age

The maximum age of the cookie in seconds. number of seconds until the cookie expires. If both Expires and Max-Age are set, Max-Age has precedence.
INTEGER

path

The path for which the cookie will be sent. If not specified, the cookie will be sent for all paths.
TEXT

remove

Set to TRUE to remove the cookie from the client browser. When specified, other parameters are ignored.
BOOLEAN

same_site

Whether the cookie should only be sent for requests originating from the same site. See owasp.org/www-community/SameSite. `strict` is the recommended and default value, but you may want to set it to `lax` if you want your users to keep their session when they click on a link to your site from an external site.
TEXT

secure

Whether the cookie should only be sent over a secure (HTTPS) connection. Defaults to TRUE.
BOOLEAN

value

The value of the cookie to set.
TEXT

Examples

Create a cookie named username with the value John Doe...

SELECT 'cookie' as component,
        'username' as name,
        'John Doe' as value
        FALSE AS secure; -- You can remove this if the site is served over HTTPS.

and then display the value of the cookie using the sqlpage.cookie function:

SELECT 'text' as component,
         'Your name is ' || COALESCE(sqlpage.cookie('username'), 'not known to us');

See also: other components

alert authentication big_number breadcrumb button card carousel chart code columns cookie csv datagrid debug divider dynamic foldable form hero html http_header json list map redirect rss shell status_code steps tab table text timeline title tracking