HTTP Cookies

There are two ways that HTTP cookie values can be set in responses (see examples).

  • If the value is a string (1) then the cookie is created using default settings.
  • If the value is an object (2) then it will try to apply the settings. Every field is optional except “value”.

Here’s an example of how the cookies should be set:

return {
    status: 200,
    body: "Hello World",
    cookies: {
        "plain": "value", // Example (1) of just setting a value
        "complex": { // Example (2) for using a full JS object
            value: "value",
            path: "/valid/path",
            domain: "",
            comment: "Some cookie comments",
            maxAge: 2000,
            secure: false,
            httpOnly: false
        }
    }
};

An overview of the full JS object and its settings is given below. An in-depth explanation of how each parameter works can be found in the Java documentation for Cookies. General knowledge of cookies and their limitations is also advised.

value (required)
The value to store in the cookie. Example (2) in the code above would create a cookie looking like this: complex: value.

path
The paths on the site this cookie should be available from (and all containing paths).

Default: empty (The current URL path.)


domain
Add additional sites that should be able to read the cookie.

Default: empty (Only the server that creates the cookie can read it.)


comment
A comment describing the cookie.

Default: null


maxAge
Number of seconds before the browser is allowed to delete the cookie.

Default: -1 (The cookie will live until the browser is shut down.)


secure
Controls whether the cookie may only be created and read over HTTPS and similar secure protocols.

Default: false


httpOnly
Controls whether the cookie is available to scripts. If true, only server-side code can read the cookie.

Default: false (Client-side scripts can also read the cookie.)
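
Because both secure and httpOnly default to false, a cookie set with the string form (1) gets neither protection. The following is an added example, not code from the framework or its documentation: it expands a cookies map using the defaults listed above and reports the settings a reviewer would want changed. The names DEFAULTS, normalizeCookies, auditCookies and sampleResponse are hypothetical, and the sample response is constructed.

```javascript
// Added example: applies the defaults documented on this page to a response's
// `cookies` map, then flags weak settings. All names here are hypothetical.
const DEFAULTS = { path: "", domain: "", comment: null, maxAge: -1, secure: false, httpOnly: false };

// Expand form (1) (plain string) and form (2) (object) into full settings.
function normalizeCookies(cookies) {
    const out = {};
    for (const [name, spec] of Object.entries(cookies || {})) {
        if (typeof spec === "string") {
            out[name] = { ...DEFAULTS, value: spec };
        } else if (spec && typeof spec === "object" && spec.value != null) {
            out[name] = { ...DEFAULTS, ...spec };
        } else {
            // "value" is the only required field
            throw new TypeError(`cookie "${name}": "value" is required`);
        }
    }
    return out;
}

// Return one finding per weak setting, based on the effective (defaulted) values.
function auditCookies(cookies) {
    const findings = [];
    for (const [name, c] of Object.entries(normalizeCookies(cookies))) {
        if (!c.secure) findings.push(`${name}: secure is false, cookie is not limited to https`);
        if (!c.httpOnly) findings.push(`${name}: httpOnly is false, client-side scripts can read it`);
        if (c.domain) findings.push(`${name}: domain "${c.domain}" lets additional sites read it`);
    }
    return findings;
}

// Constructed sample: "plain" relies on defaults, "session" sets both flags.
const sampleResponse = {
    status: 200,
    body: "Hello World",
    cookies: {
        plain: "value",
        session: { value: "constructed-token", path: "/", maxAge: 2000, secure: true, httpOnly: true }
    }
};

for (const finding of auditCookies(sampleResponse.cookies)) {
    console.log(finding);
}
```

Only the "plain" cookie is reported; "session" passes because it sets secure and httpOnly explicitly.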