Meaningless Drivel is fun!*
The moose likes Developer Certification (SCJD/OCMJD) and the fly likes what is a cookie when locking? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Developer Certification (SCJD/OCMJD)
Bookmark "what is a cookie when locking?" Watch "what is a cookie when locking?" New topic
Author

what is a cookie when locking?

joel smither
Ranch Hand

Joined: Jan 01, 2005
Posts: 31
Hi,
I'm working the UrlyBird project and I'm at a point where I can start to implement a locking mechanism. The instructions state that the lock method must return a long which is a cookie. This cookie will also be passed to the unlock method when the record needs to be unlocked.

What the heck is a cookie? How do I derive one? I don't understand.

Thanks in advance.
Andrew Monkhouse
author and jackaroo
Marshal Commander

Joined: Mar 28, 2003
Posts: 11460
    
  94

Hi Joel,

A cookie is just something used for identification. I can remember the term "cookie" being used in the early 80s, but there never seems to be a clear explanation for where the term comes from. One explanation I have heard is that it is derived from Lewis Carol's "Alice In Wonderland" where Alice gained powers by eating a magic cookie (from memory, she shrank). Similarly, if your client has the lock cookie for a particular record, then they gain the ability to update the record and unlock it.

One parallel for cookies that I have seen on the web (sorry, I lost the reference) was that a cookie is like the ticket you get given when you leave your clothes at the dry cleaners - the ticket can later be used when you want to pick up your clothes.

So, for the purposes of the assignment, you have to generate some long number each time a client wants to lock a record (you should then track the locked record and the cookie for that record). When the client wants to update the record or unlock it, they must provide the cookie back to you. In the update or unlock method you can compare the provided cookie with your tracked lock/cookie values. If the provided cookie matches the one you have tracked then you allow the update or unlock to proceed.

Does this help?

If so, then a question for you to think about: do you want a random cookie for each record, or a guessable cookie, or doesn't this question matter at all?

Regards, Andrew


The Sun Certified Java Developer Exam with J2SE 5: paper version from Amazon, PDF from Apress, Online reference: Books 24x7 Personal blog
joel smither
Ranch Hand

Joined: Jan 01, 2005
Posts: 31
how is the cookie generated? I have know idea how many requests to lock a record there will be...how do I ensure I don't exceed the capacity of a long?
Andrew Monkhouse
author and jackaroo
Marshal Commander

Joined: Mar 28, 2003
Posts: 11460
    
  94

Hi Joel,

You have to generate it.

Some candidates use the Random class, others use the current time, others use the record numbers, others use the record number itself, others use the same number for all locks .

All options might be correct . Justification in the choices document is the important thing.

If my explanation of what a cookie is / what it is for made sense to you, then you should consider the questions I raised in the earlier post, and then look at whether one of the options above will fit your requirements.

If my explanation did not make sense, then say so.

Regards, Andrew
dennis du
Ranch Hand

Joined: Dec 31, 2004
Posts: 59
Random class

In my opinion,using the random class to create the cookie should be the best choice.


-------------------------------<br />OCP 9i <br />SCJP/SCJD/SCWCD(92%)/SCDJWS<br />XML(IBM Test 141)<br />Who is the next?SCBCD<br />SCBCD/CCNA/CCNP/PMP<br />not sure
peter wooster
Ranch Hand

Joined: Jun 13, 2004
Posts: 1033
Originally posted by Andrew Monkhouse:
Hi Joel,

You have to generate it.

Some candidates use the Random class, others use the current time, others use the record numbers, others use the record number itself, others use the same number for all locks .

All options might be correct . Justification in the choices document is the important thing.

If my explanation of what a cookie is / what it is for made sense to you, then you should consider the questions I raised in the earlier post, and then look at whether one of the options above will fit your requirements.

If my explanation did not make sense, then say so.

Regards, Andrew



I originally used a sequential "cookie" per lock, but have now moved to a cookie that represents a session number. This is very much in keeping with the cookies that are used in HTTP session tracking.
joel smither
Ranch Hand

Joined: Jan 01, 2005
Posts: 31
First of all, I want to thank evryone who take the time to provide input on this thread. Your feedback has been extremely helpful to me.

I did look at the Random class in terms of using it to generate cookie values. I found the nextInt method,

int r = generator.nextInt();

but it returns an int. My developer project says the cookie value returned from the lock method must be a long, is there a method that returns a long? Is there a better way to generate the cookie?
Andrew Monkhouse
author and jackaroo
Marshal Commander

Joined: Mar 28, 2003
Posts: 11460
    
  94

Hi Joel,

Take a look at the Random.nextLong() method .

Regards, Andrew
joel smither
Ranch Hand

Joined: Jan 01, 2005
Posts: 31
Is the purpose of the cookie just to make sure that the SAME client that locked the record is the same client to unlock the record?

Also, it seems to me that using the Random class to generate cookie values would not be correct, because you are not guaranteed that all numbers generated are unique (i.e. you could get the same number returned at some point).

Should I use a static variable in a LockManager class? Everytime I lock, I'll increment this static variable by 1, and then pass the value of the static variable to the unlock method when I'm ready to unlock...seems sort of silly or maybe I just don't get it.

so...

lock the record, generate cookie, and return cookie value back to caller
do processing
unlock record (passing in same cookie value returned from lock call)
Andrew Monkhouse
author and jackaroo
Marshal Commander

Joined: Mar 28, 2003
Posts: 11460
    
  94

Hi Joel,

Is the purpose of the cookie just to make sure that the SAME client that locked the record is the same client to unlock the record?


Yes.

Also, it seems to me that using the Random class to generate cookie values would not be correct, because you are not guaranteed that all numbers generated are unique (i.e. you could get the same number returned at some point).


True, but is this really an issue? The Random.nextLong() will return one of 2*64 values (one of 18,446,744,073,709,551,616 values) with (approximately) equal probability. The chances of two clients getting the same lock cookie is extremely remote, likewise the chances of one client guessing another client's lock cookie are (in my opinion) to small to worry about.

If you were wanting to make things a little more secure, you could look at java.security.SecureRandom, but I think this is way over the top for the purposes of this assignment.

Should I use a static variable in a LockManager class? Everytime I lock, I'll increment this static variable by 1, and then pass the value of the static variable to the unlock method when I'm ready to unlock...seems sort of silly or maybe I just don't get it.


My personal opinion is that this is less secure, as a malicious programmer could guess your cookie generation scheme. This could result in a client unlocking a record that they did not lock.

However I know that some candidates have passed using this (and even less secure cookie generation techniques). As long as you can justify why you are doing generation this way in your choices document ...


lock the record, generate cookie, and return cookie value back to caller
do processing
unlock record (passing in same cookie value returned from lock call)


Correct.

Regards, Andrew
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: what is a cookie when locking?