File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes cookie questions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "cookie questions" Watch "cookie questions" New topic
Author

cookie questions

Marilyn de Queiroz
Sheriff

Joined: Jul 22, 2000
Posts: 9046
    
  10
I have a login jsp which posts to a servlet.

The servlet takes the login info, uses MD5 to "encrypt" the cookie's value,
adds the cookie and forwards to another jsp.

The second jsp contains a method call to the servlet's authenticateUser method which iterates through the cookies and returns true if it finds the correctly "encrypted" value in the cookie.

Problems:
1) It doesn't find the cookie that the servlet set. I.e. no cookie named "token". Why?

2) I log in a second time. Now I get the cookie named "token", but it has the wrong value. If I print the value immediately before I set the cookie, it has the correct value. Why does it seem to change?


JavaBeginnersFaq
"Yesterday is history, tomorrow is a mystery, and today is a gift; that's why they call it the present." Eleanor Roosevelt
Harpreet Hira
Ranch Hand

Joined: Sep 27, 2001
Posts: 72
You are getting cookies initially from the request, which means you are reading it from the HEADER. This is prefectly alright.

Now, you add a new cookie to the response (not the request, right?), using response.addCookie(cookie). Now, request is forwarded couple of time and it moves around in the server side, without going to the browser.

The servlet(the one which reads old value) that reads the cookie, tries to read it from the header(which is a part of request) where it has NOT been set yet.
Marilyn de Queiroz
Sheriff

Joined: Jul 22, 2000
Posts: 9046
    
  10
So the cookie isn't in the request until I do a get or post from that page, right?
Harpreet Hira
Ranch Hand

Joined: Sep 27, 2001
Posts: 72
Yes

Here is reference from page 224 of Servlet 2.4 Specification

SRV.15.1.1 Cookie
public class Cookie implements java.lang.Cloneable
Creates a cookie, a small amount of information sent by a servlet to a Web browser, saved by browser, and later sent back to the server."
Marilyn de Queiroz
Sheriff

Joined: Jul 22, 2000
Posts: 9046
    
  10
Ok. So I add the cookie, as you said, and go to the web page which sends me back to a servlet. The servlet tries to extract the cookie information using

but I'm getting a
"problem loading URL '/myjsp.jsp':java.lang.IllegalStateException: Response has already been committed"

I don't see how extracting cookie info would commit a response.
Harpreet Hira
Ranch Hand

Joined: Sep 27, 2001
Posts: 72
Just getting the cookies should not throw this exception. You must be committing the response to the browser somewhere before forwarding the request to the JSP. Please post the code of the servlet, if possible.

Just a thought ... if you just want to pass the cookie value to another JSP or servlet why don't you use request attribute, to send that value.
Marilyn de Queiroz
Sheriff

Joined: Jul 22, 2000
Posts: 9046
    
  10
I'm including the class that handles user authentication, sets the kookie and reads it to verify that it is still valid. Everything else works because when I comment out the call to authenticateUser(), everything goes smoothly.


[ May 03, 2006: Message edited by: Marilyn de Queiroz ]
Marilyn de Queiroz
Sheriff

Joined: Jul 22, 2000
Posts: 9046
    
  10
Do I need to put the cookie back in the response every time it goes from the servlet to a jsp?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41792
    
  62
No, setting it once is sufficient. The browser will send it back with every request, though.


Ping & DNS - my free Android networking tools app
Marilyn de Queiroz
Sheriff

Joined: Jul 22, 2000
Posts: 9046
    
  10
Originally posted by Harpreet Hira:
Just getting the cookies should not throw this exception. You must be committing the response to the browser somewhere before forwarding the request to the JSP. Please post the code of the servlet, if possible.

I don't see where in this code any response is being committed.
Harpreet Hira
Ranch Hand

Joined: Sep 27, 2001
Posts: 72
I think culprit is call to redirect method in your code.
private static void gotoLogin( ServletData servletData ) { redirect( "/login.jsp" , servletData );
}

I am not sure how redirect() method has been implemented. But I guess it must be doing a RequestDispatcher.forward() or response.sendRedirect() both of which commit the response to the browser.
Now, after completing the method execution in servlet, the control returns back to JSP, which also tries to commit it's reponse to browser. Since response has already been committed by the code in redirect() method, you get this exception.

Can you post implementation of redirect() method here.
Marilyn de Queiroz
Sheriff

Joined: Jul 22, 2000
Posts: 9046
    
  10
Thank you, Harpreet Hira. I moved the redirect out of that method and the error went away. I really appreciate all the help you've given so far. Thank you.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: cookie questions