Set-cookie header setting – Cisco OL-20949-01 User Manual

6-5

Cisco Unified IP Phone Services Application Development Notes

OL-20949-01

Chapter 6 HTTP Requests and Header Settings

HTTP Header Settings

This functionality allows you to make the content of any page that is sent to the phone expire. When a
user presses the Exit softkey, the user goes back to the last URL that did not expire when it was loaded.
This differs from traditional browsers by not considering the current freshness of the data but the
freshness of the data when the URL was requested. This requires you to have a page expire when it is
first loaded and to not set a time and date in the future.

The following example shows how to have content on IIS expire by using Active Server Page (ASP):

<%@ Language=JavaScript %>

<%

Response.ContentType = "text/xml";

Response.Expires = -1;

%>

The “Expires” property specifies the number of minutes to wait for the content to expire. Setting this
value to -1 subtracts 1 minute from the request time and returns a date and time that have already passed.

Set-Cookie Header Setting

A “cookie” is a term for a mechanism that the Web server uses to give the client a piece of data and have
the client return the data with each request. The two traditional uses for cookies are:

•

For Web sites to store a unique identifier and/or other information on the client's file system. The

information is available to the Web server on subsequent visits.

•

To track a unique identifier for state management. The client returns the cookie with each request

and the server uses this identifier to index information about the current session. The identifier is
commonly referred to as a session ID. Most Web servers have a built-in session management layer
that uses this second type of cookie, which is commonly referred to as a session cookie.

The following example shows the Set-Cookie header that is returned to the browser when a request
method is used:

Set-Cookie: ASPSESSIONIDGQGQGRLS=OCPNMLFDBJIPNIOOKFNFMOAL; path=/

The Cisco Unified IP Phone can receive and use a total of four cookies per host per session and can store
information for up to eight sessions at once. Each cookie can be up to 255 bytes in size. These cookies
are available until the server terminates the session or the client session has been idle for more than 30
minutes. On the latest generation phones which are capable of running multiple applications
concurrently (Cisco Unified IP Phones 7970G, 7971G, 7961G, 7941G, 7911G), the session state is also
cleared whenever the application window closes. This behavior is consistent with PC-based browsers
and provides better security since anyone attempting to reopen a secure application would be forced to
authenticate. If the client is connecting to a new server and all session resources are in use, the client
clears and reuses the session with the longest inactivity time.

When using ASP on IIS the default server configuration automatically generates a session cookie and
sends it to the client using the Set-Cookie header. This enables you to utilize the Session object from
within ASP to store and retrieve data spanning multiple requests for the life of the session. When using
JSP on Tomcat, the default configuration generates and issues a session cookie.