| Author |
A doubt in Cookie
|
Sumit Jindal
Greenhorn
Joined: Oct 11, 2008
Posts: 3
|
|
Hi, I was trying out the Cookie example from the Session Mgmt chapter of HSFJ. What I did was create a new cookie with key=username and value=xyz. I also did a setMaxAge(5*60); on that cookie object and added it to the response. After sending the response, I checked in the browser (Firefox 3.0) for the cookie. The cookie was present with the expiry time as expected, i.e. 5 minutes after the current time. Now, I made another request to some other servlet where I checked the maxAge for that old cookie (i.e. "username"). Surprisingly, getMaxAge() returned -1. I realized that this can be because the browser is sending the cookie in the header as "cookie:username=xyz", which doesn't contain any info about the max age. So, it is giving the max age by default as -1 to that cookie. What I wanted to know is, if there is any way I can find out the original maxAge of the cookie which I had set while creating it in previous response? Hope my doubt is clear. Thanks, Sumit
|
 |
Steve Luke
Bartender
Joined: Jan 28, 2003
Posts: 3027
|
|
|
No, the timeout is maintained by the client side, and not shared with the server. Why do you want to get the timeout?
|
Steve
|
 |
Pat Farrell
Rancher
Joined: Aug 11, 2007
Posts: 4422
|
|
Originally posted by Sumit Jindal: What I wanted to know is, if there is any way I can find out the original maxAge of the cookie which I had set while creating it in previous response?
No, and more importantly: Never trust data from the client/browser. Never ever. It is much better to set the cookie to a nonce value, and use the nonce as the key to a HashMap on your server/servlet side.
|
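The nonce-keyed server-side map suggested in the last reply, sketched as an added example that is not part of the original thread. The class and method names (`NonceCookieStore`, `issue`, `lookup`) are hypothetical, and it assumes the servlet puts the returned nonce in the cookie value and passes the same number of seconds to `setMaxAge()`.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: the server keeps what it set; the cookie carries only a random key.
public class NonceCookieStore {
    public static final class Entry {
        public final String username;
        public final int maxAgeSeconds;   // same value the servlet passes to Cookie.setMaxAge()
        public final Instant expiresAt;   // enforced on the server, not trusted to the browser
        Entry(String username, int maxAgeSeconds, Instant now) {
            this.username = username;
            this.maxAgeSeconds = maxAgeSeconds;
            this.expiresAt = now.plusSeconds(maxAgeSeconds);
        }
    }

    private final SecureRandom random = new SecureRandom();
    // ConcurrentHashMap instead of a plain HashMap: servlets serve requests on many threads.
    private final Map<String, Entry> entries = new ConcurrentHashMap<>();

    // Call when creating the cookie; the returned nonce becomes the cookie value.
    public String issue(String username, int maxAgeSeconds) {
        byte[] raw = new byte[16];                       // 128 random bits
        random.nextBytes(raw);
        String nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        entries.put(nonce, new Entry(username, maxAgeSeconds, Instant.now()));
        return nonce;
    }

    // Call on later requests with the cookie value the browser sent.
    public Optional<Entry> lookup(String nonce) {
        Entry e = (nonce == null) ? null : entries.get(nonce);
        if (e == null) return Optional.empty();          // unknown or made-up value
        if (Instant.now().isAfter(e.expiresAt)) {        // expired: drop the record
            entries.remove(nonce);
            return Optional.empty();
        }
        return Optional.of(e);
    }

    public static void main(String[] args) {
        NonceCookieStore store = new NonceCookieStore();
        String nonce = store.issue("xyz", 5 * 60);       // constructed sample values
        System.out.println(store.lookup(nonce).map(e -> e.maxAgeSeconds));
        System.out.println(store.lookup("not-issued-by-server").isPresent());
    }
}
```

The original max age and the username are read from the server's own record, so nothing the browser sends besides the opaque nonce has to be believed.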