Reads a cookie with the given name from the current request.
Signature
sqlpage.cookie(name TEXT) -> TEXT
Parameters
The name of the cookie to read
Return Value
The value of the cookie as text, or NULL if the cookie is not present
Description
The cookie() function reads HTTP cookies sent by the browser. Cookies are commonly used for session management, personalization, and tracking.
Cookies can be set using the cookie component.
Examples
Read and Display Cookie
Read a username cookie and greet the user:
SELECT 'text' as component,
'Hello, ' || sqlpage.cookie('username') || '!' as contents
WHERE sqlpage.cookie('username') IS NOT NULL;
Session Authentication
Check if a user is logged in using a session cookie:
SET session_id = sqlpage.cookie('session_id');
-- Redirect to login if no session
SELECT 'redirect' as component,
'/login.sql' as link
WHERE $session_id IS NULL;
-- Verify session is valid
SET user_id = (SELECT user_id FROM sessions WHERE token = $session_id AND expires_at > CURRENT_TIMESTAMP);
SELECT 'redirect' as component,
'/login.sql' as link
WHERE $user_id IS NULL;
-- Show protected content
SELECT 'text' as component,
'Welcome back!' as contents;
Remember User Preferences
Use a cookie to remember user theme preference:
SET theme = COALESCE(sqlpage.cookie('theme'), 'light');
SELECT 'shell' as component,
'My Application' as title,
$theme as theme;
-- Form to set username
SELECT 'form' as component;
SELECT 'username' as name, 'text' as type, 'Enter your name' as label;
-- When form is submitted
SELECT 'cookie' as component,
'username' as name,
:username as value,
3600 * 24 * 365 as max_age -- 1 year
WHERE :username IS NOT NULL;
SELECT 'redirect' as component,
'/' as link
WHERE :username IS NOT NULL;
-- Read cart from cookie (comma-separated product IDs)
SET cart = sqlpage.cookie('cart');
-- Display cart items
SELECT 'list' as component;
SELECT
name as title,
price as description
FROM products
WHERE id IN (SELECT value FROM json_each('[' || REPLACE($cart, ',', '],[') || ']'));
Cookie Security
HttpOnly Cookies
When setting cookies with the cookie component, use httponly to prevent JavaScript access:
SELECT 'cookie' as component,
'session_id' as name,
sqlpage.random_string(32) as value,
TRUE as httponly, -- Prevents XSS attacks
TRUE as secure; -- HTTPS only
Secure Cookies
For production, always use secure cookies that are only sent over HTTPS:
SELECT 'cookie' as component,
'auth_token' as name,
$token as value,
TRUE as secure,
TRUE as httponly,
'Strict' as samesite;
Common Cookie Names
session_id - Session authentication tokenscsrf_token - CSRF protection tokenstheme - User interface themelanguage - User’s preferred languagecart - Shopping cart data
See Also