Skip to main content

Advertisement

Table 1 HTTP cookie attributes [[2]]

From: Secure cross-domain cookies for HTTP

Attribute Description
Comment Short description of the intended use of the cookie
Domain DNS domain or IP address for which the cookie is valid
HttpOnly If present, the cookie cannot be accessed by a client-side script (e.g., written in JavaScript). Although non-standard, this attribute is supported by most Web browsers [4]
Max-Age Maximum period after which the cookie must be discarded
Path Subset of URLs on qualifying hosts for which the cookie is valid
Port List of TCP ports on qualifying hosts for which the cookie is valid
Secure If present, the cookie may be transported only over a secure (e.g., SSL-protected) channel