Hi, for the lock cookie, it is sth to identify which one lock the record, when any client want to release the lock (before he do any action except read/find he must lock the record first), he must pass in the same lock cookie. else the SecurityException should be thrown out.
The workflow should be:
1. Client invoke the LockManager to lock the record(record number should pass in) while the lock cookie should be return
2. Other client wait for the record that has been locked
3. Client store the lock cookie in somewhere
4. Client do the action (inser/delete/update)
5. Client release the lock with the record number and lock cookie
6. Other client repeat the step 1 - 5
You can take a look at
Why I lost points in locking also you can find more material about it by the search engine.