fix #69 refer to http://www.php.net/manual/zh/function.setcookie.php

 package beego
 package beego
 
 
 import (
 import (
+	"bytes"
 	"fmt"
 	"fmt"
 	"mime"
 	"mime"
 	"net/http"
 	"net/http"
 	"strings"
 	"strings"
-	"time"
 )
 )
 
 
 type Context struct {
 type Context struct {
@@ -58,14 +58,46 @@ func (ctx *Context) SetHeader(hdr string, val string, unique bool) {
 }
 }
 
 
 //Sets a cookie -- duration is the amount of time in seconds. 0 = forever
 //Sets a cookie -- duration is the amount of time in seconds. 0 = forever
-func (ctx *Context) SetCookie(name string, value string, age int64) {
-	var utctime time.Time
-	if age == 0 {
-		// 2^31 - 1 seconds (roughly 2038)
-		utctime = time.Unix(2147483647, 0)
+
+//params:
+//string name
+//string value
+//int64 expire = 0
+//string $path
+//string $domain
+//bool $secure = false
+//bool $httponly = false
+func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
+	var b bytes.Buffer
+	fmt.Fprintf(&b, "%s=%s", sanitizeName(name), sanitizeValue(value))
+	if len(others) > 0 {
+		fmt.Fprintf(&b, "; Max-Age=%d", others[0].(int64))
 	} else {
 	} else {
-		utctime = time.Unix(time.Now().Unix()+age, 0)
+		fmt.Fprintf(&b, "; Max-Age=0")
+	}
+	if len(others) > 1 {
+		fmt.Fprintf(&b, "; Path=%s", sanitizeValue(others[1].(string)))
+	}
+	if len(others) > 2 {
+		fmt.Fprintf(&b, "; Domain=%s", sanitizeValue(others[2].(string)))
 	}
 	}
-	cookie := fmt.Sprintf("%s=%s; Expires=%s; Path=/", name, value, webTime(utctime))
-	ctx.SetHeader("Set-Cookie", cookie, true)
+	if len(others) > 3 {
+		fmt.Fprintf(&b, "; Secure")
+	}
+	if len(others) > 4 {
+		fmt.Fprintf(&b, "; HttpOnly")
+	}
+	ctx.SetHeader("Set-Cookie", b.String(), true)
+}
+
+var cookieNameSanitizer = strings.NewReplacer("\n", "-", "\r", "-")
+
+func sanitizeName(n string) string {
+	return cookieNameSanitizer.Replace(n)
+}
+
+var cookieValueSanitizer = strings.NewReplacer("\n", " ", "\r", " ", ";", " ")
+
+func sanitizeValue(v string) string {
+	return cookieValueSanitizer.Replace(v)
 }
 }