HttpSession and Cookie

Hello javaranchers,
I am building a webapp where users can customize colors (Blue or Red) of pages to their likings.
My code looks like following:
HttpSession session = req.getSession(true); Cookie cookie = null; synchronized(session) { cookie = session.getAttribute("colorcookie"); if(cookie == null) { cookie = new Cookie("colorcookie", "default");//blue is default cookie.setMaxAge(60*60*24*30);//keeps the setting for a month cookie.setPath("/"); response.addCookie(cookie); //<-----------------??? session.setAttribute("colorcookie", cookie); } } customizeColor(cookie); ... ...
Would this code work? My intension was to keep the preference for long time, so when tehy come back, the color would be what they chose a couple weeks ago. Quesions:
1. Will setting session.setMaxInactiveInterval(-1) will persist after closing the browser? Which means, I don't have to use Cookie. I could create a simple preference class to specify color preference and set it as attribute.
Any ideas or opinion would be greatly appreciated. Thank you

1. I don't see any reason to synchronize on the session.
2. Where do you recover a possible cookie from previous visits?
3. Setting the session max inactive interval to -1 means to never time out. If your servlet engine serializes sessions to a file, it would stick around forever - you might end up with lots of orphan sessions.
I don't think it has anything to do with the lifetime of the cookie on the browser that associates the browser with that session, but I might be wrong. If the browser forgets the session ID, where are you?
If you are going to deal with a lot of visitors, seems to me you need a database.
Bill

Originally posted by William Brogden:
1. I don't see any reason to synchronize on the session.
2. Where do you recover a possible cookie from previous visits?
3. Setting the session max inactive interval to -1 means to never time out. If your servlet engine serializes sessions to a file, it would stick around forever - you might end up with lots of orphan sessions.
I don't think it has anything to do with the lifetime of the cookie on the browser that associates the browser with that session, but I might be wrong. If the browser forgets the session ID, where are you?
If you are going to deal with a lot of visitors, seems to me you need a database.
Bill

Thank you Bill as always.
Let's forget about what I wrote previously. I just want to accomplish the functionality that let's users enjoy his/her preference when they visit my site. Following are more questions I have:
Assumpsion: Users will have enabled Cookie.
1. Can you modify Cookie object that has already been created? For instance, a user wants Red to be the color of her page which, in turn, creates a cookie with color=red. A few days later she wants to change the color to Blue. Can the existing cookie be changed so that it now contains color=blue?
2. If above is possible, response.addCookie(cookie); should be called even if I am not adding NEW cookie?
3. Do you have any other/better idea how to accomplish the functionality?
I guess what I am trying to do is just like what http://my.yahoo.com is doing. It let's me customize my own yahoo home page. Once it is done, it doesn't ask me to login all the time and I can still make changes as much as I want.

1. Yes, a revised cookie will replace an earlier one as long as the name is the same.
2. Yes, you have to add it to the response.
3. As long as your cookies don't have to hold too much data, this will work fine. Cookies are intended for small amounts of data. Places like Amazon store some sort of customer ID as a cookie and retrieve complex data from a database.
You might want to look up RFC 2109 for cookie standards - just try a search on Yahoo.
Bill