rfc2109
rfc2109 (aka cookies1) is a package for dealing with cookies in an RFC-compliant way. This is often needed with Web programming.

It is BSD licensed.

DARCS repository: http://www.common-lisp.net/project/rfc2109/rfc2109/

Browse the DARCS repository: http://common-lisp.net/cgi-bin/darcsweb/darcsweb.cgi

NOTE: This tarball is out of date with the darcs repository.
ASDF-install package (obsolete) http://www.common-lisp.net/project/rfc2109/release/rfc2109-latest.tar.gz

Usage summary:

(cookie1:cookie-string "mycookie" "42" :max-age (* 6 24 60 60))
(cookie1:parse-cookies "thisis=\"an old netscape cookie\"")
(cookie1:parse-cookies "$Version=1;thisis=\"An RFC 2109-style cookie\";domain=\"fake.domain.name\"")

An araneida example is here:

It parses old netscape cookies as well as RFC 2109 cookies.

- Alan Shields


The function cookie-string in this package does not accept a value of zero, even though RFC2109 says it should. Is this a bug or a feature?


After receiving no reply from Alan, I'm putting up a separate darcs repo that adds two things to the official one:

  • Allow zero max-age to allow expiring a cookie.
  • Add Netscape's "Expires" attribute which some browsers require for setting a persistent cookie.
  • Support parsing cookie values that contain equals signs ('='). Though against the spec, these exist in the wild, used in e.g. Google AdSense/Analytics.

There are no other changes. Ideally these changes would be merged to the main tree.

Sasha Kovar