• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

cookie questions

 
Sheriff
Posts: 9109
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a login jsp which posts to a servlet.

The servlet takes the login info, uses MD5 to "encrypt" the cookie's value,
adds the cookie and forwards to another jsp.

The second jsp contains a method call to the servlet's authenticateUser method which iterates through the cookies and returns true if it finds the correctly "encrypted" value in the cookie.

Problems:
1) It doesn't find the cookie that the servlet set. I.e. no cookie named "token". Why?

2) I log in a second time. Now I get the cookie named "token", but it has the wrong value. If I print the value immediately before I set the cookie, it has the correct value. Why does it seem to change?
 
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You are getting cookies initially from the request, which means you are reading it from the HEADER. This is prefectly alright.

Now, you add a new cookie to the response (not the request, right?), using response.addCookie(cookie). Now, request is forwarded couple of time and it moves around in the server side, without going to the browser.

The servlet(the one which reads old value) that reads the cookie, tries to read it from the header(which is a part of request) where it has NOT been set yet.
 
Marilyn de Queiroz
Sheriff
Posts: 9109
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So the cookie isn't in the request until I do a get or post from that page, right?
 
Harpreet Hira
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes

Here is reference from page 224 of Servlet 2.4 Specification

SRV.15.1.1 Cookie
public class Cookie implements java.lang.Cloneable
Creates a cookie, a small amount of information sent by a servlet to a Web browser, saved by browser, and later sent back to the server."
 
Marilyn de Queiroz
Sheriff
Posts: 9109
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok. So I add the cookie, as you said, and go to the web page which sends me back to a servlet. The servlet tries to extract the cookie information using

but I'm getting a
"problem loading URL '/myjsp.jsp':java.lang.IllegalStateException: Response has already been committed"

I don't see how extracting cookie info would commit a response.
 
Harpreet Hira
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Just getting the cookies should not throw this exception. You must be committing the response to the browser somewhere before forwarding the request to the JSP. Please post the code of the servlet, if possible.

Just a thought ... if you just want to pass the cookie value to another JSP or servlet why don't you use request attribute, to send that value.
 
Marilyn de Queiroz
Sheriff
Posts: 9109
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm including the class that handles user authentication, sets the kookie and reads it to verify that it is still valid. Everything else works because when I comment out the call to authenticateUser(), everything goes smoothly.


[ May 03, 2006: Message edited by: Marilyn de Queiroz ]
 
Marilyn de Queiroz
Sheriff
Posts: 9109
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do I need to put the cookie back in the response every time it goes from the servlet to a jsp?
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, setting it once is sufficient. The browser will send it back with every request, though.
 
Marilyn de Queiroz
Sheriff
Posts: 9109
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Harpreet Hira:
Just getting the cookies should not throw this exception. You must be committing the response to the browser somewhere before forwarding the request to the JSP. Please post the code of the servlet, if possible.


I don't see where in this code any response is being committed.
 
Harpreet Hira
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think culprit is call to redirect method in your code.
private static void gotoLogin( ServletData servletData ) { redirect( "/login.jsp" , servletData );
}

I am not sure how redirect() method has been implemented. But I guess it must be doing a RequestDispatcher.forward() or response.sendRedirect() both of which commit the response to the browser.
Now, after completing the method execution in servlet, the control returns back to JSP, which also tries to commit it's reponse to browser. Since response has already been committed by the code in redirect() method, you get this exception.

Can you post implementation of redirect() method here.
 
Marilyn de Queiroz
Sheriff
Posts: 9109
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you, Harpreet Hira. I moved the redirect out of that method and the error went away. I really appreciate all the help you've given so far. Thank you.
 
reply
    Bookmark Topic Watch Topic
  • New Topic