Cookies in Servlet

• A cookie is a small piece of information that is persisted between the

multiple client requests. Cookies are maintained at client side.
• A cookie has a name, a single value, and optional attributes such as a
comment, path and domain qualifiers, a maximum age, and a version
number.
• How Cookie works
• we add cookie with response from the servlet. So cookie is stored in
the cache of the browser. After that if request is sent by the user,
cookie is added with request by default.
Types of Cookie
•There are 2 types of cookies in servlets.
•Non-persistent cookie
•Persistent cookie
Non-persistent cookie
•It is valid for single session only. It is removed each time when user closes
the browser.
Persistent cookie
•It is valid for multiple session . It is not removed each time when user
closes the browser. It is removed only if user logout or sign-out.
Advantage of Cookies
•Simplest technique of maintaining the state.
•Cookies are maintained at client side.
Disadvantage of Cookies
•It will not work if cookie is disabled from the browser.
•Only textual information can be set in Cookie object.
• Cookie class
javax.servlet.http.Cookie class provides the functionality of using
cookies. It provides a lot of useful methods for cookies.
Constructor of Cookie class
Constructor
Cookie()
Cookie(String name, String value)
Useful Methods of Cookie class
Method
public void setMaxAge(int expiry)
public String getName()
public String getValue()
public void setName(String name)
public void setValue(String value)
Description
constructs a cookie.
constructs a cookie with a specified name
and value.
Description
Sets the maximum age of the cookie in
seconds.
Returns the name of the cookie. The
name cannot be changed after creation.
Returns the value of the cookie.
changes the name of the cookie.
changes the value of the cookie.
 1. Creating Cookies
 Three steps to creating a new cookie:
1) Create a new Cookie Object
 Cookie cookie = new Cookie (name, value);
2) Set any cookie attributes
 cookie.setMaxAge (60);
3) Add your cookie to the response object:
 Response.addCookie (cookie)
 Cookie Constructor
 Create a new cookie by calling the Cookie
constructor and specifying:
 Name
 Value
 Example:
 Cookie cookie = new Cookie (“school”, “abc”);
 Neither the name nor the value may contain
whitespace or any of the following characters:
 []()=,“/?@;
 2. Set Cookie Attributes
 Before adding a cookie to the Response
object, you can set attributes.
 Attributes include:
 Name/Value
 Domain
 Maximum Age
 Path
 Version
 Cookie Name
public String getName();

 getName() is useful for reading in cookies

(later).
Cookie ck=new Cookie();
ck.getName();
 Cookie Value
public String getValue();
public void setValue (String value);
 setValue() isn’t often called directly, as the
value is specified in the cookie constructor.
 getValue() is useful for reading in cookies
(later).
 Cookie Age
public int getMaxAge ();
public void setMaxAge (int lifetime);
 In general there are two types of cookies:
 Session Cookies: Temporary cookies that expire when the
user exits the browser.
 Persistent Cookies: Cookies that do not expire when the
user exits the browser. These cookies stay around until
their expiration date, or the user explicitly deletes them.
 Cookie Expiration
 The setMaxAge () method tells the browser
how long (in seconds) until the cookie expires.
 Possible values:
 Negative Value (default): creates a session cookie
that is deleted when the user exits the browser.
 0: instructs the browser to delete the cookie.
 Positive value: any number of seconds. For
example, to create a cookie that lasts for one
hour, setMaxAge (3600);
 Security
public int getSecure ();
public void setSecure (boolean);
 If you set Secure to true, the browser will only
return the cookie when connecting over an
encrypted connection.
 By default, cookies are set to non-secure.
 3. Add Cookies to Response
 Once a cookie is created and any attributes
are set, add it to the response object.
 By adding it to the response object, the cookie
is transmitted back to the browser.
 Example:
Cookie school =
new Cookie (“school”, “abc”);
school.setMaxAge (3600);
response.addCookie (school);
 Reading Cookies
 To create cookies, add them to the response
object.
 To read incoming cookies, get them from the
request object.
 HttpServletRequest has a getCookies()
method.
 Returns an array of cookie objects. This includes all
cookies sent by the browser.
 Returns a zero-length array if there are no cookies.
 Once you have an array of cookies, you can iterate
through the array and extract the one(s) you
want.
Summary
• How to create Cookie?

• How to delete Cookie?

• How to get Cookies?

 Domain Attributes
public String getDomain ();
public void setDomain(String domain);
 By default, the browser returns cookies to
the exact same host that sent them.
 setDomain() is used to instruct the
browser to send cookies to other hosts
within the same domain.
 Domain Example
 Example: Cookies sent from a servlet at
bali.vacations.com would not be forwarded to
mexico.vacations.com.
 If you do want to the cookie to be accessible to both
hosts, set the domain to the highest level:
 cookie.setDomain (“.vacations.com”);
 Note that it is required to include at least two dots.
Hence, specify .vacations.com, not just vacations.com
 Path
public String getPath();
public void setPath (String path);
By default, the browser will only return a cookie
to URLs at or below the www directory that
created the cookie.
 Path Example
 Example: If you create a cookie at
http://ecommerce.site.com/toys.html then:
 The browser will send the cookie back to
http://ecommerce.site.com/toys.html.
 The browser will not send the cookie back to
http://ecommerce.site.com/cds
 If you want the cookie to be sent to all pages, set the
path to /
 Cookie.setPath (“/”);
 Very common, widely used practice.