3.4 Using Cookies in Your WAM Application
You can control how cookies are set in the browser by adding a special cookies section to your Input XML file for a WEBROUTINE. For example:
<lxml:server-instructions>
<lxml:cookies>
<lxml:cookie name="USRID">
<lxml:value field-name="EMPNO"></lxml:value>
<lxml:expires field-name="EXPDAT"></lxml:expires>
<lxml:domain field-name="DOMAIN"></lxml:domain>
<lxml:path field-name="PATH"></lxml:path>
<lxml:secure field-name="SECFLAG"></lxml:secure>
<lxml:httponly field-name="HTTPFLAG"></lxml:httponly>
</lxml:cookie>
</lxml:cookies>
</lxml:server-instructions>
This example demonstrates the format of the cookies section that is required if you wish to set cookies in the browser from WEBROUTINE field values. The lxml:cookie element contains all the required cookie information. Its name attribute specifies the name used to store the cookie, as well as the LANSA field name that will contain the cookie value on subsequent WEBROUTINE requests.
Note: The cookies section must be inside the server-instructions section, as shown in the example.
The following table describes the elements:
Element |
Description |
lxml:value |
The value to store for the cookie. |
lxml:expires |
The expiry date of the cookie in GMT format. If this is not specified, the cookie will expire when the browser is closed. |
lxml:domain |
The domain name to make the cookie available to all subdomains of the specified domain. If unspecified, the cookie is only available to the pages of the domain that set the cookie. |
lxml:path |
The path of the cookie even though it may be being set on a page from a different directory. This value can be used to ensure that a cookie set in one subdirectory is available in another by specifying a path of a parent directory used by both subdirectories. If a '/' value is specified, then the cookie is available in all subdirectories of the domain. If unspecified, the cookie is only available in the path it was set in. |
lxml:secure |
A value of true indicates that the cookie is only available to pages from secure SSL domains. |
lxml:httponly |
Supported by most modern browsers. A value of true indicates that the cookie should not be accessible via non-HTTP APIs (for example, JavaScript). |
The above elements may also specify a field-name attribute that contains the name of the field storing the cookie values as shown in the first example.
The following example show how cookie values can be specified directly in the XML:
<lxml:cookies>
<lxml:cookie name="LSTACT">
<lxml:value>Inquiry</lxml:value>
<lxml:expires>Thu, 31 Dec 2020 10:00:00 GMT</lxml:expires>
<lxml:domain>acme.com</lxml:domain>
<lxml:path>/home</lxml:path>
<lxml:secure>true</lxml:secure>
<lxml:httponly>true</lxml:httponly>
</lxml:cookie>
</lxml:cookies>