iscookie Element

Set a cookie in your system

Syntax

<iscookie
  name    = cookie_name //required
  value   = cookie_value //required
  comment = cookie_use
  domain  = domain_name
  path    = pathname
  maxAge  = cookie_lifetime
  version = cookie_spec
  secure  = "on" | "off"
/>
name = cookie_name

Allowed data type: string or expression.

cookie_name is a string or expression that specifies a name for the cookie. Names starting with "$" are not allowed.

value = cookie_value

Allowed data type: string or expression.

cookie_value is a string or expression that specifies the value stored by the cookie, such as a specific user ID.

comment = cookie_use

Allowed data type: string or expression.

Because cookies can contain private information about a user, the comment attribute lets you document the intended use of the cookie. The user can inspect the information to decide whether to accept to accept or not to accept the cookie.

domain = domain_name

Allowed data type: string or expression.

domain_name specifies the domain for which the cookie is valid. An explicitly specified domain must always start with a dot. If not specified, the browser sets the attribute domain to the domain that issues the cookie.

path = pathname

Allowed data type: string or expression.

pathname specifies the subset of URLs to which this cookie applies. Pages outside of that path can't use the cookie.

maxAge = cookie_lifetime

Allowed data type: integer or expression.

cookie_lifetime defines the lifetime of the cookie in seconds. The value is a non-negative decimal integer. After the specified time elapses, the buyer's browser can discard the cookie. If the value is 0, the cookie will be deleted. If the value is less than 0, the cookie isn't persistent and is deleted when the browser exits. The lifetime of the cookie set by Salesforce B2C Commerce when an anonymous customer enters the site for the first time adheres to certain international data storage regulations. The maximum age of this cookie is 6 months. The lifetime of any cookie set by B2C Commerce is 6 months or less.

version = cookie_spec

Allowed data type: decimal integer or expression.

cookie_spec is a decimal integer that identifies the version of the specification which the cookie conforms to. A decimal integer contains any of the digits 0 through 9.

secure = "on" | "off"

The secure attribute indicates that a cookie must only be used with a secure server, such as SSL. Default value is off. Expressions are not allowed.

Supporting Objects

For programmatically reading and modifying cookies, see also the following classes in the Scripting API documentation:

  • dw.system.Request
  • dw.web.Cookies
  • dw.web.Cookie

Purpose

A cookie is a message given to the web browser by B2C Commerce. A cookie lets you store user-related information on the buyer's system, such as storefront preferences for a single buyer. Cookies can also be used to simplify the login procedure, so buyers don't have to type in their names and passwords each time they access the storefront. To accomplish this, the cookie would store a unique user ID on the buyer's system. After the cookie is stored, the browser returns it every time the buyer requests the URL of the issuing server.

You can't set a cookie's SameSite attribute using the API. The server sets SameSite to None if either the developer sets the cookie's Secure flag or the global security preference Enforce HTTPS is enabled, in which case the Secure flag is also set. Otherwise, the server doesn't set the SameSite attribute and the browser uses its own default SameSite setting. The SameSite attribute is not sent with a cookie if the server detects that the client doesn't correctly interpret the attribute.

Example

The following example shows how to set a cookie that can be used later to identify a customer:

<iscookie
name = "UserID"
value = "${pdict.buyer.UUID}"
comment = "your international customer ID"
domain = ".foo.com"
path = "/acme"
maxAge = "10000"
version = "0"
secure = "on"
/>

The following example shows how to use a cookie that is sent with the current request.

<isif condition = "${request.httpCookies['UserID'] != null)}">
<isredirect location = "${URLUtils.url('LoginPanel')}" />
</isif>