aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes cookie explanation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "cookie explanation" Watch "cookie explanation" New topic
Author

cookie explanation

Harshana Dias
Ranch Hand

Joined: Jun 11, 2007
Posts: 327
Hey,

In what practical scenarios we are using cookies with out session management. we can create cookie objects and add them to response right like following.



Also it says using that setMaxAge method we can keep the cookie even after the browser closed right? means even session invalidate. But then when again a new session conversation start how can browser send (find) the previously used cookie for the request as session info?

Thank You.
Chinmaya Chowdary
Ranch Hand

Joined: Apr 21, 2008
Posts: 432
Hi Harshana.
In what practical scenarios we are using cookies with out session management. we can create cookie objects and add them to response right like following.

By using cookies we dont need to provide 'username' every time we made request to the server.
Also it says using that setMaxAge method we can keep the cookie even after the browser closed right? means even session invalidate. But then when again a new session conversation start how can browser send (find) the previously used cookie for the request as session info?

if session is invalidated at server side, its unique id is lost. If user communicates with the older JSESSIONID cookie through browser, the container sees the session id from the client, and checks is there any valid session object is present associated with this id or not? If presents communicates with that id, if not creates new session object and sends to the client through cookie.
Sebastian Janisch
Ranch Hand

Joined: Feb 23, 2009
Posts: 1183
This topic is cross posted. I have replied to the other post!


JDBCSupport - An easy to use, light-weight JDBC framework -
Harshana Dias
Ranch Hand

Joined: Jun 11, 2007
Posts: 327
Sebastian Janisch wrote:This topic is cross posted. I have replied to the other post!


well sebastian it was a mistake and i have said for the admin to delete it. now its not there and i didnt see your post. so can you please write it here if you mind
Ananya Kaur
Greenhorn

Joined: Feb 09, 2010
Posts: 3
I was going through this post and was unclear on how cookies could be read after session has been invalidated (Provided that maxAge of cookie exceeds session invalidation time).

Does it mean that I'll be able to read the cookie information without the JSESSION ID?

Khaled Mahmoud
Ranch Hand

Joined: Jul 15, 2006
Posts: 361
Hi,

To make things clear, imagine that a cookie is like a bean (with name and value attributes) that the server sends to the client through the HTTP Response. Consider the below simple scenario.

Browser to http://www.AnanyaKaur com. Let's suppose that the web server sends a cookie with [Name="Exam", Value="SCWCD"].

Here is a series of steps explaining this scenario.

  • The web browser sends a GET HTTP Request to the server.



  • The web server receives the request. (In case of the Java programming language) the code that will be responsible for serving this request is a Servlet or a JSP.
    A code snippet like this is used to send the cookie back to the client :

    Cookie rv = new Cookie("Exam","SCWCD");
    response.addCookie(rv);




  • The browser now receives the HTTP Response from the server. It sees that, there are cookies in the response. The browser stores those cookies.
    The browser now has the below entry :

    www.AnanyaKaur.com --> (Has the following cookies) ["Exam","SCWCD"]



  • Later, any request that is sent to the same website (www.AnanyaKaur.com), the browser sends the cookies with every request.


  • Cookies are exhachned between the client and server in HTTP Request/Response as HTTP Headers.

    Now here comes the question : What does all this has to do with session ??

    When the web server creates a session object, it sends a cookie to the browser (For example,
    sessionID, or ClientId or call it whaterver you want that identifies the currently created session. The name of the this cookie depends on the web container. You don't have
    to care for it.

    When you send another request to the server, the sessionID(or cookie that is used to identify the session) is sent with every request to the server.
    Automatically Servlet container will associate this sessionID with the Session Object on the server, and you as a developer simply call
    the request.getSession() to get a session object, while the container has done
    everything for you.

    That's why when you clear the cookies on your browser, you have to re-login again to whatever site you are logged in. Because you have deleted the cookie
    or set of cookies that store your session ID.

    One more thing, when you call the session.invalidate(), you delete the session object from the server, but the corresponding cookies still exist on the client.
    But they will not be of any user, since they have no corresponding session on the server.

    I strongly advice to read [HTTP The Definitive Guide] which explains HTTP in detail and in a very simple and easy way.

    Also take a look at the following thread to see how you remove cookies

    http://forums.devshed.com/java-help-9/question-on-how-to-deleting-cookies-in-a-servlet-126544.html

    Hope this helps ;)


    SCJP, SCJD,SCWCD,SCDJWS,SCEA 5 MCP-C#, MCP-ASP.NET - http://www.khaledinho.com/
    Life is the biggest school
    Bob Wheeler
    Ranch Hand

    Joined: Apr 24, 2009
    Posts: 317
    Hi,

    actually a cookie is just a piece of data. Nothing to do with sessions or browser shut down. Only cookies with

    expire if the session quits. You can call them session cookies.
    But cookies with a positive MaxAge have nothing to do with sessions anymore. They stay alive until they expire, independent of any session (or browser ).

    Cheers
    Bob


    SCJP 6 - SCJD - SCWCD 5 - SCBCD 5
    JavaEnterpriseEditionFaq - TomcatFaq
    Ananya Kaur
    Greenhorn

    Joined: Feb 09, 2010
    Posts: 3
    Thank you so much for your explanation - Khaled and Bob
     
     
    subject: cookie explanation