File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Doubt regarding the cookies. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Doubt regarding the cookies." Watch "Doubt regarding the cookies." New topic

Doubt regarding the cookies.

Adrian Perry
Ranch Hand

Joined: Jul 21, 2005
Posts: 42

We all know that response object is used to add cookies, which are send to the client, when he logs in for the first time. We also know that the subsequent request from the client gets the cookies from the client in the form of request.getKookies().

My question is suppose a particular site want to know the name of the person who log in, without asking the same from the person, will be using cookies to do this task. As per HeadFirst Servlet & JSP, the code fragment is as follows:

Cookie[] cookies=request.getKookies();

for (int i = 0; i < cookies.length; i++)
Cookie cookie=cookies[i];
if (cookie.getName().equals("username"))
String userName = cookie.getValue();
out.println("Hello " + userName);

This is the fragment of the code in the servlet.

Note that we are collecting all the cookies that are avaliable with the client in an array. Now suppose we have a XYZ site, where it sets the cookie with the name as "username" and we have another site say ABC where it sets the cookie with the same name as above ie. "username". Now with the first site the user uses a particular name and with the second site if the user uses a different name, then won't there be a problem.

This is because 2 cookies are set on his machines both which has the same name ie "username" and the value is different. Now when the cookies are collected in the array and when cookie.getName() checks for username, it can display the wrong name.

But as far as I know this does not happens.How is this so?
The only possible solution that I can think of is that the container which created the cookie knows this cookie is created by me. This could be possible because the signature used in cookie creating by each container is different or a unique number must be created by the container for the cookie and it must be keeping track of the numbers created by it.

But all these are just speculations. Any concrete answers.

PS: The above example is from head first Servlet & JSP page no. 251.
Sravan Kumar
Ranch Hand

Joined: Sep 11, 2005
Posts: 121
The browser will send only those cookies that were set by this server with every request to the server. So, a cookie with name "username" set by javaranch will be sent here and a cookie with name "username" set by, will be sent to

keep smilin :: sravan<br /><a href="" target="_blank" rel="nofollow">I scribble here</a>
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

Exactly as Sravan said, and also have a look at Cookie.setPath() method documentation

Bosun Bello
Ranch Hand

Joined: Nov 06, 2000
Posts: 1510
Absolutely! As in your example: site XYZ will not have access to the cookies set by site ABC, and vice-versa, so there will not be any conflict. As others have posted, a particular site can only retrieve the cookies that it set.

So much trouble in the world -- Bob Marley
Adrian Perry
Ranch Hand

Joined: Jul 21, 2005
Posts: 42
Thanks for the prompt reply. What you guys have said makes sense. Double-checked it with API's documentation.

The cookie.setPath(String uri) method sets the return path to where the cookie should come back along with the request from the browser.

So it means we must specify the return path, when we create the cookie. But a hypothetical question: If we do not set the return path, does the cookie comes back to the same server path? Sure there must be other mechanism to take care of this.
Also when we open up a cookie file in a text editor, we see a lot of numbers. Can you guys tell me what all those numbers imply or can you point me to any suggested readings.

Bosun Bello
Ranch Hand

Joined: Nov 06, 2000
Posts: 1510
If you do not call the setPath method on a cookie, the browser returns the cookie only to URLs in or below the directory containing the page that sent the cookie.

I am not sure why you care about what the numbers mean when you open the cookie file in an editor.
I agree. Here's the link:
subject: Doubt regarding the cookies.
jQuery in Action, 3rd edition