Cookies


Cookies are used by CGI/ISAPI applications to store data on client computers.
For example, if someone enters a login name and password and sends this information
to the server (the CGI/ISAPI application), the server can send it back to the client
(the browser) after authentication, and the browser stores it in a temporary location
called cookies.
After logging in, if the user browses pages and requests information which
cannot be displayed without authentication (for example, the user wants to see his
e-mail messages), the user's cookies are sent automatically within the
request, and the CGI/ISAPI application can tell
that this user is already authenticated. Of course, the CGI can also read the user's
login name and password from the cookies.
Suppose there were no cookies: how could the CGI/ISAPI application authenticate each request?
The answer is very simple: in each request the user must send the login name and
password. For example, when the user clicks on the Inbox folder he must type his login
name and password, and when he wants to read a message he must type his login
name and password again, and so on, to let the CGI know who the user is in each request,
because on the server side there is no relation between one request and the
next. Actually this also happens with cookies: when the user clicks on any CGI link,
he sends his login name and password each time, but the difference is that
the cookies are sent automatically with every request until they expire.


Setting cookies:

Cookies must always be set after logging in. For example, suppose that the user enters
his name and password in a login form and then submits it to this CGI application:

var
  Login, Password: string;
begin
  // Read login name and password from the login form
  Login := Request.ContentFields.Values['Login'];
  Password := Request.ContentFields.Values['Password'];

  // ...
  // After checking login name and password in the users database,
  // send login name and password to the user's cookies

  Response.Cookies.Add;
  Response.Cookies.Items[0].Name := 'Login';
  Response.Cookies.Items[0].Value := Login;
  Response.Cookies.Items[0].Expires := Now + 1;

  Response.Cookies.Add;
  Response.Cookies.Items[1].Name := 'Password';
  Response.Cookies.Items[1].Value := Password;
  Response.Cookies.Items[1].Expires := Now + 1;

  Response.SendResponse;
end;

This OnAction event code saves the current user's login and password in his cookies
to be used later in other requests.
The Expires property sets the expiration date of the cookie. For example, if we set it
to Now + 1, the cookie will no longer be sent with requests one day after it was
last set (at login). You can also set the expiration date to one hour later
(Now + 1/24); see Date and time routines.


Reading cookies:


Now, after logging in, the user wants to send requests such as asking a question or seeing
his messages, etc.
The user clicks on a CGI link, but this time he does not have to send the
login name and password again, because they are already stored in his cookies. The
authentication in the CGI will look like the code below:

var
  Login, Password: string;
begin
  // Read cookies to check whether the user is already logged in
  Login := Request.CookieFields.Values['Login'];
  Password := Request.CookieFields.Values['Password'];

  // ...
  // Check user login and password. If the fields are empty, that
  // means the user is not logged in. In this case you can
  // display the login form:

  if Login = '' then
    Response.SendRedirect('Login.htm')
  else
  begin
    // Respond to his request
    // ...
  end;
end;
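
A variant of the two handlers above, added here as an example (it is not part of the original tutorial): instead of the password, the cookie carries the login name and an expiry time signed with HMAC-SHA256, so the server can verify each request while the password stays on the server. The unit and routine names, the cookie name 'Session' and the ServerKey placeholder are assumptions, and the code assumes a Delphi version that ships System.Hash.

```delphi
unit SignedLoginCookie; // added example; every name in this unit is hypothetical
interface
uses
  System.SysUtils, System.DateUtils, System.Hash, Web.HTTPApp;

procedure SetLoginCookie(Response: TWebResponse; const Login: string);
function LoginFromCookie(Request: TWebRequest): string;

implementation
const
  ServerKey = 'PLACEHOLDER-LOAD-A-RANDOM-SECRET'; // assumption: known to the server only

function NowUnix: Int64;
begin
  Result := DateTimeToUnix(TTimeZone.Local.ToUniversalTime(Now));
end;

// Call only after Login and Password were checked against the users database.
procedure SetLoginCookie(Response: TWebResponse; const Login: string);
var
  Data: string;
begin
  Data := IntToStr(NowUnix + 3600) + '|' + Login; // expiry (one hour) and name
  with Response.Cookies.Add do
  begin
    Name := 'Session';
    Value := THashSHA2.GetHMAC(Data, ServerKey) + '|' + Data; // no password
    Secure := True; // the browser returns it over HTTPS only
  end;
end;

// Returns the login name, or '' if the cookie is missing, altered or expired.
function LoginFromCookie(Request: TWebRequest): string;
var
  Cookie, Data, Good: string;
  I, P, Diff: Integer;
begin
  Result := '';
  Cookie := Request.CookieFields.Values['Session'];
  Data := Copy(Cookie, 66, MaxInt); // what follows the 64 hex digits and '|'
  P := Pos('|', Data);
  if (P = 0) or (Copy(Cookie, 65, 1) <> '|') then Exit;
  Good := THashSHA2.GetHMAC(Data, ServerKey);
  Diff := 0; // compare every digit so timing does not reveal a partial match
  for I := 1 to 64 do
    Diff := Diff or (Ord(Cookie[I]) xor Ord(Good[I]));
  if (Diff = 0) and (StrToInt64Def(Copy(Data, 1, P - 1), 0) > NowUnix) then
    Result := Copy(Data, P + 1, MaxInt);
end;
end.
```

In the OnAction handlers, call SetLoginCookie(Response, Login) after the database check, and read the user with Login := LoginFromCookie(Request) in place of the two CookieFields lines.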


Notes:

For security purposes, cookies are kept separately for each CGI application, so in your
CGI application you cannot read other sites' cookies which are stored on your client's computer.
For example, there are two different cookie storage places for the URLs below:

http://www.yourserver.com/cgi-bin/users.exe
and
http://www.otherserver.com/cgi-bin/users.exe

It also seems that the URL is case sensitive, so that even the addresses below have
different cookies:

http://www.yourserver.com/cgi-bin/users.exe
and

http://www.YourServer.com/CGI-BIN/Users.exe

Another important thing is that you have to set and read cookies using the same CGI
application.