The Cookie data type lets you create cookies and set their properties in GeneXus web objects.
Name||The cookie's name. It is a character type.
Value||The value to be stored. It is a character type.
Path||The path that indicates the Web Panels for which the cookie is valid. It is also a character type. If it isn't specified, the cookie is valid for the Web Panels in the same directory as the one that stores it, or in subordinate directories. If "/" is indicated, the cookie is valid for the entire domain.
ExpirationDate||The expiration date of the cookie. It is a Date/DateTime type. If it isn't specified, the cookie expires when the browser session is closed.
Domain||The domain where the cookie is valid. It is a character type. The default is the domain where the cookie was created.
Secure||A numeric type. If it is 1, the cookie is transmitted only if the connection is secure (HTTPS). If it is 0, it is always transmitted.
In a Web Panel, &cookie is a variable of the Cookie data type, &ok is of the Numeric data type, and &httpresponse is of the HttpResponse data type. The SetCookie function is used to save cookies.
Event 'SetCookie example'
    &cookie.Name = 'USR_CTRY'
    &cookie.Value = 'UY'
    // Persist for one year instead of expiring with the browser session
    &cookie.ExpirationDate = ADDYR(&Today, 1)
    &cookie.Domain = 'otherdom.artech.com.uy'
    // Transmit only over HTTPS
    &cookie.Secure = 1
    &cookie.HttpOnly = true
    &ok = &httpresponse.SetCookie(&cookie)
EndEvent
Since GeneXus 17 Upgrade 3, the cookie uses the configuration given by the SameSite cookie attribute property.
In previous versions, SameSite can be configured through options of the web server or other infrastructure resources, such as a WAF or proxy server.
- Set the Secure attribute to 1. This way the cookie is only transmitted over HTTPS.
- Configure the SameSite attribute according to the application's needs, in the most restrictive way possible. This restricts when the cookie is shared and is a mitigation for CSRF attacks.
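To check these recommendations against what the application actually sends, the Set-Cookie response headers can be audited. The following is an added example in Python, not GeneXus code and not part of the original page; the header lines are constructed samples (only the USR_CTRY cookie comes from the example above), and the function names and the default SameSite threshold of Lax are assumptions.

```python
"""Audit Set-Cookie header values for Secure, HttpOnly and SameSite."""

# Constructed sample headers; USR_CTRY mirrors the page's example cookie.
SAMPLE_HEADERS = [
    "USR_CTRY=UY; Domain=otherdom.artech.com.uy; Path=/; Secure; HttpOnly; SameSite=Strict",
    "USR_CTRY=UY; Path=/",
    "USR_CTRY=UY; Path=/; SameSite=None; HttpOnly",
    "USR_CTRY=UY; Secure; HttpOnly; SameSite=Lax",
]

# SameSite values ordered from most to least restrictive.
SAMESITE_RANK = {"strict": 0, "lax": 1, "none": 2}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attr keys are lowercased."""
    first, *rest = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header, max_samesite="lax"):
    """Return the findings for one Set-Cookie value (empty list means compliant)."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable from script")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in SAMESITE_RANK:
        findings.append("SameSite not set: browser default applies")
    elif SAMESITE_RANK[samesite] > SAMESITE_RANK[max_samesite]:
        findings.append(f"SameSite={samesite} is weaker than allowed ({max_samesite})")
    if samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure in current browsers")
    return findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        result = audit_cookie(header)
        print(("OK   " if not result else "FAIL ") + header)
        for finding in result:
            print("       - " + finding)
```

Pass `max_samesite="strict"` to require the most restrictive setting, so that a cookie set with SameSite=Lax is also reported.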
From version GeneXus X Evolution 2 Upgrade 3.
||Java, .NET, .NET Core
SameSite cookie attribute property