Cookie in a servlet.

• Cookies are small bits of textual information that a Web server sends to a browser and that the browser returns unchanged when visiting the same Web site or domain later, i.e. a cookie is stored on the client and contains state information.
• Cookies are valuable for tracking users' activity:
» Identifying a user during an e-commerce session,
» avoiding username and password,
» customizing a site, etc.
• Providing convenience to the user and added value to the site owner is the purpose behind cookies. Cookies are not a serious security threat.
• Cookies are never interpreted or executed in any way.
• Browsers generally only accept 20 cookies per site and 300 cookies total, and each cookie is limited to 4KB.
• However, even though they don't present a serious security threat, they can present a significant threat to privacy.
The Cookie class
• A servlet can write a cookie to the user's machine via the addCookie() method of the HttpServletResponse interface.
• Information that is saved for each cookie:
– Name
– Value
– Expiration date
– Domain and path of cookie
Constructor for Cookie
Cookie(String name, String value)
• String getComment() / void setComment(String s)
– Gets/sets a comment associated with this cookie.
• String getDomain() / void setDomain(String d)
– Gets/sets the domain to which the cookie applies. Normally, cookies are returned only to the exact hostname that sent them. You can use this method to instruct the browser to return them to other hosts within the same domain. Note that the domain should start with a dot (e.g. .prenhall.com), and must contain two dots for non-country domains like .com, .edu, and .gov, and three dots for country domains like .co.uk and .edu.es.
• int getMaxAge() / void setMaxAge(int secs)
– Gets/sets how much time (in seconds) should elapse before the cookie expires. If you don't set this, the cookie will be present only for the current session (i.e. until the user quits the browser), and will not be stored on disk.
mycookie.setMaxAge(30*24*60*60);
• String getName()
– Gets the name of the cookie. The name and the value are the two pieces you virtually always care about. Since the getCookies method of HttpServletRequest returns an array of Cookie objects, it is common to loop down this array until you have a particular name, then check the value with getValue.
• String getPath() / void setPath(String p)
– Gets/sets the path to which this cookie applies. If you don't specify a path, the cookie is returned for all URLs in the same directory as the current page as well as all subdirectories. This method can be used to specify something more general. For example, someCookie.setPath("/") specifies that all pages on the server should receive the cookie. Note that the path specified must include the current directory.
• boolean getSecure()
– Returns true if the cookie must be sent using only a secure protocol, otherwise false.
• void setSecure(boolean secure)
– Specifies that the cookie will only be sent when the protocol is secure.
• String getValue() / void setValue(String v)
– Gets/sets the value associated with the cookie. Again, the name and the value are the two parts of a cookie that you almost always care about.
• getVersion/setVersion
Placing Cookies in the Response Headers
• The cookie is added to the Set-Cookie response header by means of the addCookie method of HttpServletResponse. Here's an example:
Cookie userCookie = new Cookie("user", "uid1234");
response.addCookie(userCookie);
Set cookie
import java.io.*; import java.net.*; import javax.servlet.*;
import javax.servlet.http.*;
public class CountLogin extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        // Store the "data" request parameter in a cookie named "mycookie".
        String data = request.getParameter("data");
        Cookie c = new Cookie("mycookie", data);
        response.addCookie(c);
    }
}
Reading Cookies from the Client
• To read the cookies that come back from the client, you call getCookies on the HttpServletRequest.
Cookie[] c = request.getCookies();
// getCookies returns null when the request carried no cookies.
if ((c != null) && (c.length > 0)) {
    for (int i = 0; i < c.length; i++) {
        Cookie c1 = c[i];
        out.println(c1.getName() + c1.getValue());
    }
} else {
    out.println("no cookies found");
}
Get cookies
import java.io.*; import java.net.*; import javax.servlet.*;
import javax.servlet.http.*;
public class CountLogin extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        Cookie[] c = request.getCookies();
        // getCookies returns null when the browser sent no cookies.
        if (c != null) {
            for (int i = 0; i < c.length; i++) {
                String name = c[i].getName();
                String val = c[i].getValue();
                out.println(name + " " + val);
            }
        }
    }
}
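Set and read combined, as an added example that is not part of the original slides: one servlet that looks a cookie up by name and sets it with setMaxAge, setPath and setSecure as described above. The class name ThemeCookieServlet, the cookie and parameter name "theme" and the allow-list pattern are assumptions made for illustration, and setHttpOnly assumes a Servlet 3.0 or later container.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet (added example): keeps a "theme" preference in a cookie.
public class ThemeCookieServlet extends HttpServlet {
    private static final String NAME = "theme"; // constructed cookie name
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9_-]{1,32}");

    // Loop down the getCookies() array until the wanted name is found.
    // The array is null when the browser sent no cookies at all.
    static String findCookie(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) return c.getValue();
        }
        return null;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        // The cookie is stored on the client, so its value is request input:
        // accept it only if it matches the allow-list.
        String stored = findCookie(request, NAME);
        if (stored != null && !SAFE.matcher(stored).matches()) stored = null;
        String requested = request.getParameter("theme");
        if (requested != null && SAFE.matcher(requested).matches()) {
            Cookie c = new Cookie(NAME, requested);
            c.setMaxAge(30 * 24 * 60 * 60);            // persist for 30 days
            c.setPath(request.getContextPath() + "/"); // this application only
            c.setSecure(true);                         // secure protocol only
            c.setHttpOnly(true);                       // not readable by page scripts
            response.addCookie(c);                     // no setDomain: exact host only
            stored = requested;
        }
        // Printed unescaped because SAFE admits no HTML metacharacters.
        out.println(stored == null ? "no theme set" : "theme: " + stored);
    }
}
```

Because of setSecure(true), the browser returns this cookie only over a secure connection, so the stored value will not come back on plain HTTP requests.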