Python on the web: How to set cookies in a CGI script

/ Chris Nielsen

I am working on a Python CGI web tool that allows a user to traverse through a long list of xml elements, where each element appears on the screen one at a time. The tool allows the user to make changes to editable fields and creates a report of the deltas, as well as a copy of the new edited xml.

The tool has a log in screen  where the user selects themself from a menu of predefined editors, and the user supplies the project password to gain access to the data.

When the user log in is validated, the script sets a cookie in the user’s browser that consists of the user’s name, xml file, and last page number. In this post I am going to describe how to set that cookie.

1. Setting the cookie needs to be the FIRST thing that happens in the HTTP response, every time the server responds to a GET or POST event from the browser. For example, either by:

  • loading the URL to the python cgi script – which is a ‘GET’,
  • or by posting something from a web form – which is a ‘POST’,

2. The logic in the cgi script must be ordered to make sure this is always the case. With every HTTP response, nothing should be printed to the browser via Content-type: text/html until AFTER the cookie is taken care of.

Here is how to set the cookie:

  1. import Cookie
  2. Instantiate a new SimpleCookie() object:  c = Cookie.SimpleCookie()
  3. Treat the SimpleCookie object as if it is a dictionary. The key will be the name of the cookie, and the value can be a string of key-value pairs, separated by pipe symbols. For example: c['xml_edit_tool'] = 'Chris Nielsen|xml_file=important_part6.txt|place=2'
  4. Finally, print the cookie object ‘c’ to the browser. Do this before printing anything else to the browser with "Content-type: text/html\r\n"

Here is the complete code for setting the cookie:

#!C:\Python27\python.exe -u

import Cookie

c = Cookie.SimpleCookie()
c['xml_edit_tool'] = 'Chris Nielsen|xml_file=important_part6.txt|place=2'

# Output the HTTP message containing the cookie BEFORE Content-type text/html!
print c
print "Content-type: text/html\r\n"

The complete header that is sent from the server via print c looks like this:

Set-Cookie: xml_edit_tool="Chris Nielsen|xml_file=important_part6.txt|place=2"

In Firefox, you can check to make sure that your cookie is there:

Leave a Reply