(:
 : the list of cookies from the request in the form:
 :
 :  <cookie name="{name}">{value}</cookie>
 :)
define variable $cookies {
  let $cookies := xdmp:get-request-header("Cookie", ""),
      $cookie-list := if ($cookies) then tokenize($cookies, "; *") else ()
  return
    if ($cookie-list) 
    then
      for $c in $cookie-list return 
        <cookie name="{ substring-before($c, "=")}">{
          substring-after($c, "=")
        }</cookie>
    else
      ()
}

(:
 : return the value for cookie named $name
 :)
define function get-cookie($name)
{
  $cookies[@name = $name]/text()
}

(:
 : set a cookie
 :)
define function set-cookie($name, $value)
{
  xdmp:add-response-header("Set-Cookie",
    concat($name, "=", $value, "; Version=1; Max-Age=31536000"))
}

(:
 : unset a cookie
 :)
define function unset-cookie($name)
{
  xdmp:add-response-header("Set-Cookie", 
    concat($name,
      '=""; Version=1; Max-Age=0; Expires=Sun, 01-Jan-1900 00:00:00 GMT'))
}

xdmp:set-session-field("aField", "bananas"),
xdmp:set-session-field("anotherField", "coconuts"),
set-cookie("aCookie", "oreo"),
set-cookie("anotherCookie", "milano"),
unset-cookie("cookie"),
unset-cookie("xxx"),
<html>
<body>
<h4>The cookies</h4>
<ul>
<li><b>cookie-list:</b> {
  for $c in $cookies
    return concat($c/@name, ":", $c/text(), " ")
}</li>
<li><b>SessionID:</b> {get-cookie("SessionID")}</li>
<li><b>cookie:</b> {get-cookie("cookie")}</li>
<li><b>bad-cookie:</b> {get-cookie("bad-cookie")}</li>
<li><b>cookie[1]/text():</b> { $cookies[1]/text() }</li>
<li><b>cookie[2]:</b> { xdmp:quote($cookies[2]) }</li>
</ul>
<h4>Session stuff</h4>
<ul>
<li><b>session field names:</b> { xdmp:get-session-field-names() }</li>
<li><b>session field values:</b> { 
  for $f in xdmp:get-session-field-names() return xdmp:get-session-field($f)
}</li>
</ul>
</body>
</html>