Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

cookie questions

 
Marilyn de Queiroz
Sheriff
Posts: 9063
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a login jsp which posts to a servlet.

The servlet takes the login info, uses MD5 to "encrypt" the cookie's value,
adds the cookie and forwards to another jsp.

The second jsp contains a method call to the servlet's authenticateUser method which iterates through the cookies and returns true if it finds the correctly "encrypted" value in the cookie.

Problems:
1) It doesn't find the cookie that the servlet set. I.e. no cookie named "token". Why?

2) I log in a second time. Now I get the cookie named "token", but it has the wrong value. If I print the value immediately before I set the cookie, it has the correct value. Why does it seem to change?
 
Harpreet Hira
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You are getting cookies initially from the request, which means you are reading it from the HEADER. This is prefectly alright.

Now, you add a new cookie to the response (not the request, right?), using response.addCookie(cookie). Now, request is forwarded couple of time and it moves around in the server side, without going to the browser.

The servlet(the one which reads old value) that reads the cookie, tries to read it from the header(which is a part of request) where it has NOT been set yet.
 
Marilyn de Queiroz
Sheriff
Posts: 9063
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So the cookie isn't in the request until I do a get or post from that page, right?
 
Harpreet Hira
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes

Here is reference from page 224 of Servlet 2.4 Specification

SRV.15.1.1 Cookie
public class Cookie implements java.lang.Cloneable
Creates a cookie, a small amount of information sent by a servlet to a Web browser, saved by browser, and later sent back to the server."
 
Marilyn de Queiroz
Sheriff
Posts: 9063
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok. So I add the cookie, as you said, and go to the web page which sends me back to a servlet. The servlet tries to extract the cookie information using

but I'm getting a
"problem loading URL '/myjsp.jsp':java.lang.IllegalStateException: Response has already been committed"

I don't see how extracting cookie info would commit a response.
 
Harpreet Hira
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just getting the cookies should not throw this exception. You must be committing the response to the browser somewhere before forwarding the request to the JSP. Please post the code of the servlet, if possible.

Just a thought ... if you just want to pass the cookie value to another JSP or servlet why don't you use request attribute, to send that value.
 
Marilyn de Queiroz
Sheriff
Posts: 9063
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm including the class that handles user authentication, sets the kookie and reads it to verify that it is still valid. Everything else works because when I comment out the call to authenticateUser(), everything goes smoothly.


[ May 03, 2006: Message edited by: Marilyn de Queiroz ]
 
Marilyn de Queiroz
Sheriff
Posts: 9063
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do I need to put the cookie back in the response every time it goes from the servlet to a jsp?
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, setting it once is sufficient. The browser will send it back with every request, though.
 
Marilyn de Queiroz
Sheriff
Posts: 9063
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Harpreet Hira:
Just getting the cookies should not throw this exception. You must be committing the response to the browser somewhere before forwarding the request to the JSP. Please post the code of the servlet, if possible.

I don't see where in this code any response is being committed.
 
Harpreet Hira
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think culprit is call to redirect method in your code.
private static void gotoLogin( ServletData servletData ) { redirect( "/login.jsp" , servletData );
}

I am not sure how redirect() method has been implemented. But I guess it must be doing a RequestDispatcher.forward() or response.sendRedirect() both of which commit the response to the browser.
Now, after completing the method execution in servlet, the control returns back to JSP, which also tries to commit it's reponse to browser. Since response has already been committed by the code in redirect() method, you get this exception.

Can you post implementation of redirect() method here.
 
Marilyn de Queiroz
Sheriff
Posts: 9063
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you, Harpreet Hira. I moved the redirect out of that method and the error went away. I really appreciate all the help you've given so far. Thank you.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic