Setting a cookie in JavaScript includes one required argument and several optional ones:
document.cookie = "name=value[; expires=UTCString][; domain=domainName][; path=pathName][; secure]";
Arguments within square brackets ([]) are optional. Each of these optional arguments has a default value if omitted.
name = value
The name of a cookie is a string of (almost) any characters designating the cookie's name. When naming your cookies, you need to take some things into consideration. The use of semicolons, commas, or white space is not allowed. When naming cookies, use alphanumeric (A-Z, a-z, 0-9) characters and possibly the underscore (_) character for the sake of readability. There are almost no reserved words or variable name limits when assigning cookie names. "Fred", "All_Your_Base", and "Ali92" would all be valid cookie names. The exceptions are "expires", "domain", "path", and "secure", each of which defines a particular argument for the cookie.
The value of a cookie is also a string of any characters without semicolons, commas, or white space, designating the value of the cookie. The name and value strings together can be no more than 4KB per cookie. You cannot set the value of a cookie to undefined or null, but you can set it to "","rock", "hello%20world", and "" are all valid cookie values.
expires = UTCString
The expires argument of a cookie indicates when the cookie should expire. Setting the expires argument is optional. If you omit this argument, you are creating a session cookie and as such the cookie will expire at the end of the current browser session. If you want your cookies to be persistent, assign a value to the expires argument.
This value needs to be in Universal Coordinated Time, which you can easily set using JavaScript's toGMTString() or toUTCString() methods of date() objects.
domain = domainURLString
The domain argument of a cookie indicates the domain name to which the cookie belongs. In most cases the domain argument isn't used because it defaults to the domain of the cookie's document. In some cases, however, you may want to be able to access your cookie on other pages that reside in different domains on the same server. To allow this, simply remove the characters of the domain name that restrict your cookie's domain scope. Consider this example:
http://www.example.code.com
A cookie created with its domain attribute set to .code.com will be readable from any of the documents in the "example" domain as well as the "code" domain. If the domain attribute was set to .example.code.com, only documents within the "example" domain would be able to see the cookie.
When specifying the value of the domain attribute, the leading full stop (dot or period) is necessary when not specifying a fully qualified domain name. You must specify at least two levels of the domain name.
path = pathName
The path argument of a cookie indicates to the Web server which part of its directory structure uses the cookie. Paths represent directories, not the individual files in those directories. When setting the path for a cookie, use forward slashes ("/")instead of backslashes ("\"). You should avoid the use of trailing slashes.
The domain root directory can be indicated by a zero-length string,"", or the traditional "/". If not given the path of the document setting the cookie is the default value. The following forces the path to the "disted" directory:
document.cookie = "violets = blue; domain = .uvsc.edu; path = /disted;";
secure
The secure attribute, when specified, sets the cookie as a restricted cookie. This means it is for use only with connections employing Secure Socket Layer (SSL) protection through the https://protocol. Otherwise, the cookie will be accessible to nonsecure documents as well. (SSL is beyond the scope of this course; in a nutshell, it refers to encryption and signed documents.)
Let's sum up the syntax issues we covered here:
After reviewing the cookie syntax it is no wonder that the average developer won't take the time to work with and understand cookies. Luckily you can lean on the backs of those who have gone before you. Let's look at how I use cookies.