| View Blog
|
| Using Cookies in servlets
|
|
|
HTTP cookies are essentially custom HTTP headers that are passed between a client and a server. Although cookies are not overwhelmingly popular, they do enable state to be shared between the two machines. For example, when a user logs into a site, a cookie can maintain a reference verifying the user has passed the password check and can use that reference to identify that same user on future visits.
Cookies are normally associated with a server. If you set the domain to .java.sun.com, then the cookie is associated with the domain. If no domain is set, the cookie is only associated with the server that created the cookie.
Setting a Cookie :
The Java Servlet API includes a Cookie class that you can use to set or retrieve the cookie from the HTTP header. HTTP cookies include a name and value pair.
The startSession method shown here is in the LoginServlet program. In this method, the name in the name and value pair used to create the Cookie is JDCAUCTION, and a unique identifier generated by the server is the value.
protected Session startSession(String theuser,
String password,
HttpServletResponse response) {
Session session = null;
if ( verifyPassword(theuser, password) ) {
// Create a session
session = new Session (theuser);
session.setExpires (sessionTimeout + i
System.currentTimeMillis());
sessionCache.put (session);
// Create a client cookie
Cookie c = new Cookie("JDCAUCTION",
String.valueOf(session.getId()));
c.setPath ("/");
c.setMaxAge (-1);
c.setDomain (domain);
response.addCookie (c);
}
return session;
}
Later versions of the Servlet API include a Session API, to create a session using the Servlet API in the previous example you can use the getSession method.
HttpSession session = new Session (true);
The startSession method is called by requesting the login action from a POST to the LoginServlet as follows:
"
Enter your user id:
Enter your password:
"
The cookie is created with an maximum age of -1, which means the cookie is not stored but remains alive while the browser runs. The value is set in seconds, although when using values smaller than a few minutes you need to be careful of machine times being slightly out of sync.
The path value can be used to specify that the cookie only applies to files and directories under the path set on that machine. In this example the root path / means the cookie is applicable to all directories.
The domain value in the example is read from the initialization parameters for the servlet. If the domain is null, the cookie is applied to that machines domain only.
Retrieving a Cookie :
The cookie is retrieved from the HTTP headers with a call to the getCookies method on the request:
Cookie c[] = request.getCookies();
You can later retrieve the name and value pair settings by calling the Cookie.getName method to retrieve the name, and the Cookie.getValue method to retrieve the value.
LoginServlet has a validateSession method that checks the user's cookies to find a JDCAUCTION cookie that was set in this domain:
private Session validateSession
(HttpServletRequest request,
HttpServletResponse response) {
Cookie c[] = request.getCookies();
Session session = null;
if( c != null ) {
Hashtable sessionTable = new Hashtable();
for (int i=0; i < c.length &&
session == null; i++ ) {
if(c[i].getName().equals("JDCAUCTION")) {
String key = String.valueOf (c[i].getValue());
session=sessionCache.get(key);
}
}
}
return session;
}
If you use the Servlet session API then you can use the following method, note that the parameter is false to specify the session value is returned and that a new session is not created.
HttpSession session = request.getSession(false); |
|
Posted by jaikutty on 2008-01-20 00:49:09 | Rating: | Views: 44
|
| |
|
|
| Blog Comments
|
|
|
|
|
J2EE Topics
|
|
Posted by jaikutty
on 2008-01-20 00:51:53
|
|
|
|
|
|
