Please remember this is a work in progress. Home » Classes





This class controls if/how IntraWeb generates cookies which are used in session management. The ServerController creates an instance of TIWBackButtonOptions, used internally.



Class hierarchy

TPersistent -> TIWSessionCookieOptions


SessionCookies: Boolean; [Published, Read/Write]

First, lets make clear the context. "Session" in SessionCookies means HTTP session, not IntraWeb user session. HTTP session cookies have a very specific meaning, i.e. they are not persistent cookies which are deleted when the client shuts down. This means that when the browser closes, all session cookies are also destroyed. Please notice that only closing the browser tab won't destroy session cookies.

When True, IntraWeb will generate code to create HTTP session cookies on the browser side. You can still turn it off and have IntraWeb creating cookies on the browser side, depending on UseCookies property.

CookieNameSuffix: string; [Published, Read/Write]

Any string to be used as a suffix for the cookie name. This is optional.

UseCookies: Boolean; [Published, Read/Write]

When True, IntraWeb will use cookies to do all the session management, on the browser side. When SessionCookies is False, the cookies will be persistent, i.e. even if you close and reopen the browser, the cookie will be preserved. On the other hand, when UseCookies is True and SessionCookies is also True, IntraWeb will create HTTP session cookies which are not persistent, meaning that the session will be lost, on the browser side, when the browser is closed.

Secure: Boolean; [Published, Read/Write]

When True, IntraWeb will add create secure cookies. A secure cookie will only be sent to the server when a request is made using SSL and the HTTPS protocol. Read more about it here.

HttpOnly: Boolean; [Published, Read/Write]

When True, IntraWeb will add create Http-only cookies. HTTP-only cookies aren't accessible via JavaScript through the Document.cookie property. Read more about it here.

SameSite: TIWCookieSameSiteOption; [Published, Read/Write]

Possible values are ssoNone, ssoLax, ssoStrict.

Same-site allows servers to assert that a cookie ought not to be sent along with cross-site requests, which provides some protection against cross-site request forgery attacks (CSRF). Read more about it here.


Create [Public]

Declaration: constructor Create(AServerControllerBase: TIWServerControllerBase); virtual;

Description: Constructs an instance of the class TIWSessionCookieOptions and initializes its data.


  • AServerControllerBase (TIWServerControllerBase): TIWServerController instance

Assign [Public]

Declaration: procedure Assign(ASource: TPersistent); override;

Description: Copies properties values from another TIWSessionCookieOptions instance or TPersistent descendant.


  • ASource (TPersistent): [param description]


Terms of Use | Privacy Statement © 2002 - 2019 Atozed Software