jQuery in Action, 2nd edition*
The moose likes Servlets and the fly likes Cookies In session Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Cookies In session" Watch "Cookies In session" New topic
Author

Cookies In session

chandraiah chintakayalu
Ranch Hand

Joined: Aug 30, 2007
Posts: 32
Hi all,
Cookies is the one way to maintain session between server and client, but can anybody explain with the coding how the cookies is created, stored in local system and how it is retreived and how it used to continue the session.


Thanks in advance,
Chandu


SCJP-5 86%,SCWCD-soon
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9291
    
  17

First you will have to decide do you want Cookies or Session. If you have a lot of information about every user(including confidential information) then use Session as the information will be on the server and will not travel unsafely over internet.

If you want to use cookies, then do this

Cookie cook = new Cookie("name", "value");

then use response.add Cookie(cook);

then when you want to retrieve a cookie use

Cookie[] arr = request.get Cookies();
arr[0].getName()
arr[0].getValue()

note there is no space between get and Cookies but I get an error message if I try it witout space


SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Ashu Jain
Ranch Hand

Joined: Feb 24, 2008
Posts: 73
I do not understand this.

"If you have a lot of information about every user(including confidential information) then use Session as the information will be on the server and will not travel unsafely over internet."

As per my knowledge, session information also travel over internet as the part of header then how do we predict that it is safe to use session over cookies.

Please guide

Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336


As per my knowledge, session information also travel over internet as the part of header then how do we predict that it is safe to use session over cookies.

The session is not passed back and forth between client and server (if it were, why bother using the session?). Data is sent from the client and persisted in memory on the server in the session. The part that is passed back and forth is the key that identifies the session. Typically a web browser uses an in-memory cookie as the session identifier. If cookies are disabled, the web app. has to use url re-writing to do this (adding a session id to every URL in the app). Either way it ammounts to the same thing: HTTP is stateless, the only way a client can identify itself to a server is by passing an identifier of some sort or other.

The difference between this and normal cookies (as demonstrated above) is cookies remain on the client machine. Because of this, you shouldn't put anything sensitive in these sort of cookies. The session is safer.

Ultimately, because of the stateless nature of HTTP, something has to be passed from client to server for even the most basic session tracking to work. If you are worried about security its not a session vs cookie debate really; you need to be using SSL.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Ashu Jain
Ranch Hand

Joined: Feb 24, 2008
Posts: 73
Thanks. I got it

Ashu
 
 
subject: Cookies In session
 
Similar Threads
newbie : session problem
session management in servlets
Are session attributes really stored in cookie?
How to set cookies in Tapestry ?
Session