JavaScript Cookies

The JavaScript cookie is a document object. The following parameters specify a cookie:

  • name=value
  • expires=date
  • path=path
  • domain=domainname
  • secure

RFC 822 defines the format of a cookie. The toGMTString() function can be used to generate the date that will work with a cookie.

This following code will test to see if a cookie exists with a specified value, then redirect to an HTML page based on whether the cookie and its value were found. It will set the cookie to expire in one hour. This code is the same as the code in the events section of this document where it is active and may be tested.

<TITLE>Using functions as event handlers</TITLE>
function nameDefined(ckie,nme)
   var splitValues
   var i
   for (i=0;i<ckie.length;++i)
      if (splitValues[0]==nme) return true
   return false
function delBlanks(strng)
   var result=""
   var i
   var chrn
   for (i=0;i<strng.length;++i) {
      if (chrn!=" ") result += chrn
   return result
function getCookieValue(ckie,nme)
   var splitValues
   var i
   for(i=0;i<ckie.length;++i) {
      if(splitValues[0]==nme) return splitValues[1]
   return ""
function testCookie(cname, cvalue) {  //Tests to see if the cookie 
   var cookie=document.cookie           //with the name and value 
   var chkdCookie=delBlanks(cookie)  //are on the client computer
   var nvpair=chkdCookie.split(";")
   if(nameDefined(nvpair,cname))       //See if the name is in any pair
      tvalue=getCookieValue(nvpair,cname)  //Gets the value of the cookie
      if (tvalue == cvalue) return true
	   else return false
   else return false
function redirectLink() {
   if (testCookie("javahere", "yes")) {
      window.location="javahere.html"		//Go to the location indicating the user has been here
      var futdate = new Date()		//Get the current time and date
      var expdate = futdate.getTime()  //Get the milliseconds since Jan 1, 1970
      expdate += 3600*1000  //expires in 1 hour(milliseconds)
      var newCookie="javahere=yes; path=/;"	//Set the new cookie values up
      newCookie += " expires=" + futdate.toGMTString()
      window.document.cookie=newCookie //Write the cookie
      window.location="javanot.html"		//Go to the location indicating the user has not been here
<H3>Using an event handler to direct a link based on a cookie value</H3>
<A NAME="Here" onClick="return redirectLink()">See if you've been here.</A>

The method used to delete a cookie is to set it's expiration data in the past. The name and path must match the name and path used when the cookie was set.

Cookie Path

Cookies are, by default, available to all other files in the same directory the cookie was created in. To make a cookie available to all files on the webserver use the path statement similar to:

document.cookie = "javahere=yes; path=/";

To make the cookie available to the javascript directory and all its subdirectories only use a statement like:

document.cookie = "javahere=yes; path=/javascript";

Cookies may have the same name with different values.


The "domain" parameter is used to set the domain the cookie is accessable to. A path can be set for your own domain only and the domain path must include at least two periods ( It must match your server's domain name. Therefore cookies are not a security risk since only the server that sets them can use them.


If the "secure" parameter is set, the cookie can only be sent to a Secure Sockets Layer (SSL) server which would have a URL like:

It uses "HTTPS" for the protocol rather than "HTTP".

Cookie Quantities

The maximum number of cookies and sizes are listed below:

  • Total cookies on a browser - 300.
  • Total cookies from one server or domain - 20.
  • The largest cookie size - 4Kb

The least recently used cookies are discarded first when more room for cookies is required.