
Cookies In session

 
chandraiah chintakayalu
Ranch Hand
Posts: 32
Hi all,
Cookies are one way to maintain a session between server and client, but can anybody explain, with code, how a cookie is created, stored on the local system, how it is retrieved and how it is used to continue the session?


Thanks in advance,
Chandu
 
Ankit Garg
Sheriff
Posts: 9519
First you will have to decide whether you want Cookies or Session. If you have a lot of information about every user (including confidential information) then use Session, as the information will be on the server and will not travel unsafely over the internet.

If you want to use cookies, then do this

Cookie cook = new Cookie("name", "value");

then use response.addCookie(cook);

then when you want to retrieve a cookie use

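Cookie[] arr = request.getCookies(); // returns null if the request carries no cookies
arr[0].getName();  // name of the first cookie
arr[0].getValue(); // value of the first cookie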

Note there is no space between get and Cookies, but I get an error message if I try it without the space.
 
Ashu Jain
Ranch Hand
Posts: 73
I do not understand this.

"If you have a lot of information about every user (including confidential information) then use Session, as the information will be on the server and will not travel unsafely over the internet."

As per my knowledge, session information also travels over the internet as part of the header, so how do we predict that it is safe to use session over cookies?

Please guide

 
Paul Sturrock
Bartender
Posts: 10336

"As per my knowledge, session information also travels over the internet as part of the header, so how do we predict that it is safe to use session over cookies?"

The session is not passed back and forth between client and server (if it were, why bother using the session?). Data is sent from the client and persisted in memory on the server in the session. The part that is passed back and forth is the key that identifies the session. Typically a web browser uses an in-memory cookie as the session identifier. If cookies are disabled, the web app has to use URL rewriting to do this (adding a session id to every URL in the app). Either way it amounts to the same thing: HTTP is stateless, the only way a client can identify itself to a server is by passing an identifier of some sort or other.

The difference between this and normal cookies (as demonstrated above) is that cookies remain on the client machine. Because of this, you shouldn't put anything sensitive in these sorts of cookies. The session is safer.

Ultimately, because of the stateless nature of HTTP, something has to be passed from client to server for even the most basic session tracking to work. If you are worried about security, it's not a session vs cookie debate really; you need to be using SSL.
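
The split described in this thread, as an added example that is not part of the original posts: sensitive data goes into the server-side HttpSession, and only a non-sensitive preference goes into an ordinary cookie restricted to HTTPS. The servlet class, the cookie name "theme", the attribute name "accountNumber" and the sample values are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet; class, cookie and attribute names are illustrative.
public class AccountServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Sensitive data stays in server memory. The browser only receives the
        // session identifier (the JSESSIONID cookie set by the container).
        HttpSession session = request.getSession(true);
        if (session.isNew()) {
            session.setAttribute("accountNumber", "constructed-sample-1234");
        }

        // An ordinary cookie is stored on the client, so keep it non-sensitive
        // and treat the returned value as untrusted input (allow-list it).
        String theme = "light";
        Cookie[] cookies = request.getCookies(); // null when no cookies were sent
        if (cookies != null) {
            for (Cookie c : cookies) {
                if ("theme".equals(c.getName()) && "dark".equals(c.getValue())) {
                    theme = "dark";
                }
            }
        }

        Cookie cook = new Cookie("theme", theme);
        cook.setMaxAge(30 * 24 * 60 * 60); // kept by the browser for 30 days
        cook.setSecure(true);              // only sent over HTTPS (SSL/TLS)
        cook.setHttpOnly(true);            // not readable from page scripts
        response.addCookie(cook);

        response.setContentType("text/plain");
        response.getWriter().println("theme=" + theme
                + ", account from session=" + session.getAttribute("accountNumber"));
    }
}
```

The same Secure and HttpOnly flags can be applied to the container's session cookie through the `<cookie-config>` element of `<session-config>` in web.xml (Servlet 3.0 and later).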
 
Ashu Jain
Ranch Hand
Posts: 73
Thanks. I got it

Ashu
 