The header’s name (key) without the colon (
The header’s value
The Content-Length header is set automatically.
Among the standard headers which may be added to a response is Set-Cookie. If you wish to use this header, be aware that unless you restrict the cookie by path, its contents will be accessible to a browser when it contacts any other agent. This is because all agents exist in the same domain,
To override this behavior, limit the scope of your cookie to a single agent. Do this by adding a path field to the definition of the cookie in your agent code:
response.header("Set-Cookie", "cookie=SOME_DATA ; path=/<agent ID>")
where <agent ID> is the part of the agent’s URL after the domain:
Developers can see the agent ID of a development device’s agents in the IDE, but production devices’ agent IDs are not accessible this way. Instead, your agent code should contain functionality to determine a given instance’s ID and apply it to the Set-Cookie header. See the second example code below for one method for making this happen.
For more information on how cookies operate, see Wikipedia.
This code shows a typical HTTP request handler which modifies the automatically generated HTTP response and then sends the response back to the source of the original request.
The following code shows how to secure a
Set-Cookie header by adding the agent’s own unique ID to the cookie’s path variable. This will limit access to the cookie generated with this ID to this agent only.