CGI Programming using PowerBASIC - Part 3: Cookies

By Joe Byrne

In the previous chapter, we talked about adding some dynamic content to a web page using SSI, or Server Sided Includes. With SSI its easy to place often changing data at specific parts of a web page.  Although newer methods exist to create dynamic web pages, SSI can still be quite valuable.

Another common problem with Web programming is the difficulty of persistant data.  Passing information from one page to another, or saving user-defined settings from one visit to the next can be difficult.  One way to overcome this limitation is to use cookies. In short, a cookie is a small text file that is stored on the user's computer and can be read and written to by your CGI applications.  Practically speaking, a cookie should only contain a few k of information, such as a unique database key so your CGI application can access more detailed information from the web server.

For example, if you collect name and address information from a visitor, it would be smarter to save their unique 'visitor-id' in a cookie rather than all of their contact information.  Then, when a visitor comes to your site, your CGI application can test for the existence of this unique cookie value.  If the cookie is found, it's a simple matter of looking up their contact informtion from your database on the server.

The following functions can be called within your CGI application to read and write cookies.  This particular technology does not require anything in the HTML code, all of the cookie processing is done within the CGI program.

To set a cookie, we need to pass the proper headers to the web server using STDOUT like so:

In this example, a cookie named testcookie with the value 12345abc is saved on the user's hard drive. An important part of this code is the ; path=/ portion of the Set-Cookie command.  Since we are most often setting the cookie from within the cgi-bin/ folder (or other pre-defined CGI location) the cookie is also set here. In order to make the cookie accessible across pages, its important to put the cookie where its easy to find, such as the root of the web site's document directory. Do not confuse this with the root of the server's drive.  path=/ indicates the same location as your index.htm file and probably all/most other html pages on your site.

The last line of the above code simply completes the process of setting the cookie by refreshing or redirecting the page.  The value for Refresh Content (0 in our example) is a time delay in seconds; zero tells the web server to load the page following the URL= statement immediately.

You can set more than one cookie within the same code by simply duplicating the "Set-Cookie" command, one for each cookie value you wish to save.  It is also necessary to output a blank line after the last cookie using the STDOUT "" command.

In order to retrieve the cookie(s) and their value(s), the following function can be called within your CGI application:

Cookies are passed to the CGI application in the programs enviroment table.  The value "HTTP_COOKIE" will set a string of all cookies accessible to your CGI application.  In order to locate a specific cookie, we simply parse the list of cookies and look for the one in question.  Once the proper cookie name is found, we simply locate the position of the equal sign in the string and return the remaining part as the cookie's value.

Removing Cookies
Removing a cookie is as simple as passing a null value in the cookie's name:

While cookies are not perfect, they do offer a reasonable solution to pass data between pages and across user visits. Used with care, they add some extra flexibility to your web programming.