*
The moose likes Servlets and the fly likes Problems deleting a cookie.... Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Problems deleting a cookie...." Watch "Problems deleting a cookie...." New topic
Author

Problems deleting a cookie....

A. Mazon
Greenhorn

Joined: May 16, 2002
Posts: 4
Hello,
I am using Servlets and JSP to develop an application. I want to use cookies to store information about the user so he does not have to give his login and password every time he enters the site, at least he explicity logs out.
When a user logs in, a cookie is created by a Servlet. I use setMaxAge(3600) to set the time that cookie will remain usable.
When the user logs out I use another servlet to get the cookies from request and then I use setMaxAge(0) to delete the cookie.
The problem is that every time that I get the cookies from request in my Java Server Pages and see the MaxAge value of that cookie it always shows -1
I can't figure out why the age of the cookies is -1 not matter what value I use when I create that cookie. And the Value (not the time) of that cookie it is the same, I mean that I can access the correct information in that cookie but I can not delete it by using setMaxAge(0).
I appreciate your help. Thanks.
Bosun Bello
Ranch Hand

Joined: Nov 06, 2000
Posts: 1510
The default maxAge is -1. Verify that you are setting the maxAge before adding the cookie to the response.


Bosun (SCJP, SCWCD)
So much trouble in the world -- Bob Marley
A. Mazon
Greenhorn

Joined: May 16, 2002
Posts: 4
Thanks... I do, I have the next code in my Servlet:

And then I call my JSP using:

But still, when I use

And see the value of that cookie and the MaxAge... the value is "some value" as when I created the cookie, but the getMaxAge() method returns -1.
NOTE: I wrote getCoookie instead the correct method because a problem. So don't pay attention to that line.
Thank you.
Mayer Salzer
Greenhorn

Joined: Apr 01, 2002
Posts: 20
Hi,
I don't know if this will solve your problems, but it's worth noting a couple of things.
1) From your sample code it seems that you are creating or modifying a cookie in your servlet and then "forwarding" the request to your jsp and expecting the changes to the cookie to be visible right away in your jsp. This may be your problem.
I'm assuming that your jsp finds the cookie by calling the "request.get Cookies()" method, which returns an array of cookies that were saved on your client's hard drive and were submitted along with the request. When you create or modify a cookie it saves it back to your client's hard drive by adding it to the "response" object (response.addCookie). This means it doesn't get saved back to the client's hard drive until the request's trip completes. The request does not complete its trip until after it's done with the jsp you "forwarded" to as well. Since the jsp looks for the cookie in the "request" object, it does not see these changes until you complete the trip and then hit it a second time . . . The same is true for when you expire a cookie (setting max-age to 0). Your jsp won't know the cookie's max-age was changed in the servlet unless the trip (back to your client) was completed in the interim.
One way to get around this, is by having your servlet "redirect" to the jsp (response.sendRedirect). Unlike "forwarding", redirecting does complete the trip first, and only then does it come back to your jsp with the newly created/modified/expired cookie in tow . . .
2) The second point is something you mentioned about setting the max-age and not seeing it in the cookie. I too seem to recall debugging a servlet (using Visual Age for Java) and peering in on the contents of a cookie I created, and noticing that the max-age was always -1. This was true for all cookies even those that did in fact have a different max-age (meaning they were in fact expiring after a designated time, yet I still wasn't seeing their true max-age value when debugging it). Since this wasn't an actual problem (like I said the cookies were expiring at the designated time), I never pursued it any further . . .
Good luck . . .
[ June 09, 2002: Message edited by: Mayer Salzer ]

Sun Certified Programmer for Java 2 Platform
 
 
subject: Problems deleting a cookie....
 
Similar Threads
Chapter 6(Session Management) notes (HFSJ) for revision
Using Cookies . Is it Safe ?
logout by disabling back button
Doubt regarding the cookies.
Why isn't my cookie being set?