It's not a secret anymore!*
The moose likes Servlets and the fly likes A doubt in Cookie Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "A doubt in Cookie" Watch "A doubt in Cookie" New topic
Author

A doubt in Cookie

Sumit Jindal
Greenhorn

Joined: Oct 11, 2008
Posts: 3
Hi,

I was trying out Cookie example from Session Mgmt chapter of HSFJ.
What I did was, created a new cookie with key=username and value=xyz. I also did a setMaxAge(5*60); on that cookie object and added that in response.
After sending the response, I checked in browser(firefox 3.0) for the cookie. The cookie was present with expiry time as expected i.e 5 minutes after current time.
Now, I made a another request to some other servlet where I checked the maxAge for that old cookie (i.e "username"). Surprisingly, getMaxAge() returned -1. I realized that this can be because the browser is sending the cookie in Header as "cookie:username=xyz" which doesn't contain any info about the max age. So, it is giving the max age by default as -1 to that cookie.
What I wanted to know is, if there is any way I can find out the original maxAge of the cookie which I had set while creating it in previous response?

Hope.. my doubt is clear.

Thanks
Sumit
Steve Luke
Bartender

Joined: Jan 28, 2003
Posts: 4181
    
  21

No, the timeout is maintained by the client side, and not shared with the server. Why do you want to get the timeout?


Steve
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Originally posted by Sumit Jindal:
What I wanted to know is, if there is any way I can find out the original maxAge of the cookie which I had set while creating it in previous response?


No, and more importantly:

Never trust data from the client/browser.

Never ever.

It is much better to set the cookie to a nonce value, and use the nonce as the key to a HashMap on your server/servlet side
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: A doubt in Cookie