Skip to main content

Table 1 HTTP cookie attributes [[2]]

From: Secure cross-domain cookies for HTTP

Attribute

Description

Comment

Short description of the intended use of the cookie

Domain

DNS domain or IP address for which the cookie is valid

HttpOnly

If present, the cookie cannot be accessed by a client-side script (e.g., written in JavaScript). Although non-standard, this attribute is supported by most Web browsers [4]

Max-Age

Maximum period after which the cookie must be discarded

Path

Subset of URLs on qualifying hosts for which the cookie is valid

Port

List of TCP ports on qualifying hosts for which the cookie is valid

Secure

If present, the cookie may be transported only over a secure (e.g., SSL-protected) channel