Cookie Settings2:11 with Alena Holligan
We've set and retrieved a basic cookie, but we haven't removed our cookie yet. We also haven't used any of the additional settings that limit access to our cookies. Let's take a look at the settings we'll be working with.
|The Expiration Date tells the browser how long to store the cookie. This is a full date and time in UTC. When it is past the expiration date the cookie is removed. This is used both to delete a cookie, such as when a user logs out, and also to keep a cookie active after the browser has been closed
|using the browser setting for cookie expiration, which typically means the cookie is removed when the browser is closed.
|The Path restricts when a cookie is sent to the server. For example, if we wanted to store information that is only used in an admin section, we could set the path to '/admin'
|The default is the root of the domain, which allows the cookie to be access for the entire site.
|default full host
|Including any subdomain. This will make the cookie available only to that single subdomain. If a root level domain is specified, all subdomains will also be able to access the cookie.
|Adding the Secure parameter makes sure the cookie can only be transmitted securely over HTTPS, and it will not be sent over unencrypted HTTP connections
|By default, this parameter is not sent
|The HttpOnly parameter makes cookies inaccessible via the document.cookie API, so they are only editable by the server
|By default, the HTTP foundations plugin we're using, does send this parameter
You need to sign up for Treehouse in order to download course files.Sign up