cookieAdd method

void cookieAdd(
  1. Cookie cookie
)

Set a cookie.

A session cookie is one that does not have an expiry date. It gets deleted when the browser is closed.

A persistent cookie is one that has an expiry date.

Secure cookie ... The browser only sends the cookie over HTTPS and never sends it over HTTP.

HttpOnly cookies are only used when transmitted over HTTP or HTTPS. They cannot be accessed by JavaScript etc.

Note: the name and value of the cookie cannot contain whitespace. Cookie names are case sensitive

Typically, the Cookie.path should be set to the server's Server.basePath. For improved security, the Cookie.httpOnly should be set to true.

The Cookie.name must not be the same as the server's Server.sessionCookieName.

A refresher on cookies:

  • The value may consist of any printable ASCII character (! (33) through ~ (126)) excluding , (44) and ; (59) and excluding whitespace (space (32)).
  • The name excludes the same characters, as well as = (61).
  • The name is case-sensitive.

Implementation

void cookieAdd(Cookie cookie) {
  if (_headersOutputted) {
    throw StateError('Header already outputted');
  }
  _logResponseCookie.fine('add: $cookie');

  cookies.add(cookie);
}