6-5
Cisco Unified IP Phone Services Application Development Notes
OL-20949-01
Chapter 6 HTTP Requests and Header Settings
HTTP Header Settings
This functionality allows you to make the content of any page tha t i s sen t to t he phone expir e. Wh en a
user presses the Exit softkey, the user goes back to the last URL that did not expire when it was loaded.
This differs from traditional browsers by not considering the current fr esh ness of the data but t he
freshness of the data when the URL was requested. This re qu ire s yo u to have a page expire when it is
first loaded and to not set a time and date in the future.
The following example shows how to have content on IIS expire by using Active Server Page (ASP):
<%@ Language=JavaScript %>
<%
Response.ContentType = "text/xml";
Response.Expires = -1;
%>
The “Expires” property specifies the number of minutes to wait for the content to expire. Setting this
value to -1 subtracts 1 minute from the request time and returns a date and time that have already passed.
Set-Cookie Header SettingA “cookie” is a term for a mechanism that the Web server uses to gi v e the c lient a piece of data and h a v e
the client return the data with each request. The two traditional uses for cookies are:
• For Web sites to store a unique identifier and/or other information on the client's file system. The
information is available to the Web server on subsequent visits.
• To track a unique identifier for state management. The client returns the cookie with each request
and the server uses this identifier to index information about the current session. The identifier is
commonly referred to as a session ID. Most Web servers have a built-in session management layer
that uses this second type of cookie, which is commonly referred to as a session cookie.
The following example shows the Set-Cookie header that is returned to the browser whe n a re quest
method is used:
Set-Cookie: ASPSESSIONIDGQGQGRLS=OCPNMLFDBJIPNIOOKFNFMOAL; path=/
The Cisco Unified IP Phone can receive and use a total of four cookies per host per session and c an store
information for up to eight sessions at once. Each cookie can be u p to 255 bytes in si ze. The se co okie s
are available until the server terminates the session or the client session has been idle for more than 30
minutes. On the latest generation phones which are capable of ru nning m ultip le ap pl icat ions
concurrently (Cisco Unified IP Phones 7970G, 7971G, 7961G, 7941G, 7911G), the session state is also
cleared whenever the application window closes. This behavior is consistent with PC-based browsers
and provides better security since anyone attempting to reopen a secure application would be forced to
authenticate. If the client is connecting to a new server and all session resources are in use, the client
clears and reuses the session with the longest inactivity time.
When using ASP on IIS the default server configuration automatically generate s a se ssion c ooki e an d
sends it to the client using the Set-Cookie header. This enables you to utilize the Session object from
within ASP to store and retrieve data spanning multiple requests for the life of the session. When using
JSP on Tomcat, the default configuration generates and issues a session cookie.