Cookies - Java

Cookies

A cookie is a bit of information sent by a web server to a browser that can later be read back from that browser. When a browser receives a cookie, it saves the cookie and thereafter sends the cookie back to the server each time it accesses a page on that server, subject to certain rules. Because a cookie's value can uniquely identify a client, cookies are often used for session tracking.

•       Cookies were first introduced in Netscape Navigator.

•       Version 2.0 of the Servlet API provides the javax.servlet.http.Cookie class for working with cookies. The HTTP header details for the cookies are handled by the Servlet API.

•       create a cookie with the Cookie() constructor: public Cookie(String name, String value)

This creates a new cookie with an initial name and value.

A servlet can send a cookie to the client by passing a Cookie object to the addCookie() method of HttpServletResponse:

public void HttpServletResponse.addCookie(Cookie cookie)

This method adds the specified cookie to the response. Additional cookies can be added with subsequent calls to addCookie() . Because cookies are sent using HTTP headers, they should be added to the response before you send any content. Browsers are only required to accept 20 cookies per site, 300 total per user, and they can limit each cookie's size to 4096 bytes.

The code to set a cookie looks like this:

Cookie cookie = new Cookie("ID", "123");

res.addCookie(cookie);

A servlet retrieves cookies by calling the getCookies() method of HttpServlet-Request: public Cookie[] HttpServletRequest.getCookies()

This method returns an array of Cookie objects that contains all the cookies sent by the browser as part of the request or null if no cookies were sent. The code to fetch cookies looks like this:

Cookie[] cookies = req.getCookies();

if (cookies != null) {

for (int i = 0; i < cookies.length; i++) {

String name = cookies[i].getName();

String value = cookies[i].getValue();

}

}

Session tracking using persistent cookies

import java.io.*; import javax.servlet.*;

import javax.servlet.http.*;

public class ShoppingCartViewerCookie extends HttpServlet {

public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {

res.setContentType("text/html"); PrintWriter out = res.getWriter();

// Get the current session ID by searching the received cookies.

String sessionid = null;

Cookie[] cookies = req.getCookies(); if (cookies != null) {

for (int i = 0; i < cookies.length; i++) {

if (cookies[i].getName().equals("sessionid")) {

sessionid = cookies[i].getValue();

break;

}

}

}

// If the session ID wasn't sent, generate one.

//  Then be sure to send it to the client with the response.

//  if (sessionid == null) {

sessionid = generateSessionId();

Cookie c = new Cookie("sessionid", sessionid); res.addCookie(c);

}

out.println("<HEAD><TITLE>Current Shopping Cart Items</TITLE></HEAD>"); out.println("<BODY>");

//  Cart items are associated with the session ID

//  String[] items = getItemsFromCart(sessionid);

// Print the current cart items.

out.println("You currently have the following items in your cart:<BR>");

if (items == null) { out.println("<B>None</B>");

}

else { out.println("<UL>");

for (int i = 0; i < items.length; i++) {

out.println("<LI>" + items[i]);

}

out.println("</UL>");

}

// Ask if they want to add more items or check out.

out.println("<FORM ACTION=\"/servlet/ShoppingCart\" METHOD=POST>"); out.println("Would you like to<BR>");

out.println("<INPUT TYPE=submit VALUE=\" Add More Items \">"); out.println("<INPUT TYPE=submit VALUE=\" Check Out \">"); out.println("</FORM>");

// Offer a help page.

out.println("For help, click <A HREF=\"/servlet/Help" + "?topic=ShoppingCartViewerCookie\">here</A>");

out.println("</BODY></HTML>");

}

private static String generateSessionId() {

String uid = new java.rmi.server.UID().toString();

// guaranteed unique return java.net.URLEncoder.encode(uid);

// encode any special chars

}

private static String[] getItemsFromCart(String sessionid) {

// Not implemented

}

}

Persistent cookies offer an elegant, efficient, easy way to implement session tracking. Cookies provide as automatic an introduction for each request as you could hope for. For each request, a cookie can automatically provide a client's session ID or perhaps a list of the client's preferences. In addition, the ability to customize cookies gives them extra power and versatility.

Advantages of cookies:

1. Cookies do not require any server resources since they are stored on the client. 2. Cookies are easy to implement.

3. You can configure cookies to expire when the browser session ends (session cookies) or they can exist for a specified length of time on the client computer (persistent cookies).

Disadvantages:

•       The biggest problem with cookies is that browsers don't always accept cookies. Sometimes this is because the browser doesn't support cookies.

•       Due to limited memory space WAP gateways doesn‘t use cookies.

•       Any intruder (unauthorized person) using client‘s machine can change value of cookies.