Set-Cookie headers to the response it returns. The Hub forwards those headers downstream after rewriting the cookie’s Domain attribute to match the externally-visible host, so cookies you set are scoped to the host the browser actually requested.
This page covers how to write cookies. For background on response shaping in general, see Response Functions.
The basics
Your handler receives{ req, res } and must return a Response. To set a cookie, clone the upstream response (so you preserve its body, status, and existing headers) and append a Set-Cookie header to the new one. The value is a standard cookie string — name, value, and any attributes you want (Path, Max-Age, SameSite, Secure, HttpOnly, etc.).
Function Implementation
__ollieshop_pref=dark and includes it on every subsequent request to your host.
The Hub strips and rewrites the
Domain attribute on every cookie it forwards. You don’t need to set Domain yourself — if you do, it will be replaced with the host the browser requested (X-Forwarded-Host → Host → URL hostname, in that order). This keeps cookies scoped correctly across custom domains.Setting multiple cookies
To set more than one cookie in the same response, callheaders.append once per cookie. Each call adds its own Set-Cookie header on the wire.
Multiple Cookies
Reading a cookie back
Cookies the browser sends are on the request’scookie header as a single string. Read it via req.headers.get("cookie") and parse it the same way you would in any HTTP server.
Reading a Cookie
Updating or deleting a cookie
To update a cookie, set it again with the new value — the browser overwrites by name + path + domain. To delete one, set the same name and path with a pastExpires (or Max-Age=0) and an empty value.
Deleting a Cookie
Reserved names
A few cookies in the__ollieshop_ namespace are owned by the platform itself and should not be overwritten by your functions. The current reserved name is:
__ollieshop_session— the encrypted session cookie issued by the Hub for state shared across function invocations.
__ollieshop_<your-feature>_<purpose>) and you’ll be safe.