Processing Cookies in JSP

Source: Internet
Author: User

9.1 Cookie Overview

Cookies are small pieces of plain-text information that the server sends to the browser. When the user later accesses the same Web server, the browser sends them back to the server unchanged. Because the server can read information it previously saved on the client, a website can offer visitors a number of conveniences: for example, identifying the user during an online transaction, sparing users from repeatedly entering their names and passwords where security requirements are low, customizing a portal's home page, and placing advertisements in a targeted manner.

Cookies are intended to bring convenience to users and add value to websites. Despite many mistaken claims, cookies do not actually pose a serious security threat. Cookies are never executed in any way, so they cannot carry viruses or attack your system. In addition, browsers generally allow only 300 cookies in total and up to 20 cookies per site, and each cookie is limited to 4 KB, so cookies will not fill your hard disk and cannot be used for a "denial of service" attack.

9.2 Servlet Cookie API

To send a cookie to the client, the servlet first calls new Cookie(name, value) to create one or more cookies with the appropriate name and value (Section 2.1), uses the setXXX methods to set the cookie's attributes (Section 2.2), and then calls response.addCookie to add the cookie to the response header (Section 2.3).

To read cookies sent by the client, the servlet calls request.getCookies(). The getCookies() method returns an array of Cookie objects. In most cases, you simply loop over the elements of the array to find the cookie with the specified name, and then call getValue on that cookie to obtain the value associated with the name. This is discussed in Section 2.4.

9.2.1 Create a Cookie

You create a cookie by calling the constructor of the Cookie class. The constructor takes two string parameters: the cookie name and the cookie value. Neither the name nor the value may contain white space or any of the following characters:
[ ] ( ) = , " / ? @ : ;

9.2.2 Read and Set Cookie Attributes

Before adding a Cookie to the response header to be sent, you can view or set various attributes of the Cookie. The following describes these methods:

getComment/setComment
Get/set the cookie's comment.
getDomain/setDomain
Get/set the domain to which the cookie applies. Normally, a cookie is returned only to the server with the same name as the server that sent it. This method can be used to tell the browser to return the cookie to other servers in the same domain. Note that the domain must start with a dot (for example, .sitename.com). Non-country domains (such as .com, .edu, .gov) must contain two dots, and country-class domains (such as .com.cn, .edu.uk) must contain three dots.
getMaxAge/setMaxAge
Get/set the time before the cookie expires, in seconds. If this value is not set, the cookie is valid only for the current session, that is, until the user closes the browser, and it is not saved to disk. See the following LongLivedCookie description.
getName/setName
Get/set the cookie name. In essence, the name and the value are the two parts we always care about. Because the getCookies method of HttpServletRequest returns an array of Cookie objects, you usually loop over this array to find a specific name and then use getValue to check its value.
getPath/setPath
Get/set the path to which the cookie applies. If no path is specified, the cookie is returned to all pages in the directory of the current page and its subdirectories. This method can be used to set a more general scope. For example, after someCookie.setPath("/"), all pages on the server receive the cookie.
getSecure/setSecure
Get/set a boolean value that indicates whether the cookie may be sent only over an encrypted connection (SSL).
getValue/setValue
Get/set the cookie value. As mentioned above, the name and the value are the two aspects we always care about. There are some exceptions, however, such as using the name as a logical flag (that is, if a cookie with that name exists, it means true).
getVersion/setVersion
Get/set the protocol version that the cookie complies with. The default, version 0, follows the original Netscape specification. Version 1 complies with RFC 2109 but is not widely supported.

9.2.3 Set Cookie in Response Header

A cookie is added to the Set-Cookie response header through the addCookie method of HttpServletResponse. The following is an example:
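
The original page's example is missing here. The servlet below is an added illustration, not the author's code: it creates a cookie, sets its attributes, adds it to the response, and reads it back on the next request. The class name, cookie name and "name" request parameter are hypothetical, and it assumes a Servlet 3.0+ container with the javax.servlet API (newer containers use the jakarta.servlet package instead).

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example; class, cookie and parameter names are hypothetical.
public class GreetingCookieServlet extends HttpServlet {
    private static final String COOKIE_NAME = "displayName";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String previous = readCookie(request, COOKIE_NAME);
        String name = request.getParameter("name");
        if (name != null && !name.isEmpty() && name.length() <= 64) {
            // 9.2.1: values may not contain white space or [ ] ( ) = , " / ? @ : ;
            // so user-supplied text is URL-encoded before it is stored.
            Cookie cookie = new Cookie(COOKIE_NAME, URLEncoder.encode(name, "UTF-8"));
            cookie.setMaxAge(60 * 60 * 24 * 7); // 9.2.2: seconds; omit for a session cookie
            cookie.setPath("/");                // returned to every page on this server
            cookie.setSecure(true);             // sent only over an encrypted connection
            cookie.setHttpOnly(true);           // Servlet 3.0+: not readable by page scripts
            response.addCookie(cookie);         // 9.2.3: emits the Set-Cookie header
        }
        // The cookie value is client-controlled, so it is echoed as plain text, not HTML.
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println(
                previous == null ? "No cookie received." : "Welcome back, " + previous);
    }

    // Loops over request.getCookies(), which returns null when no cookies were sent.
    static String readCookie(HttpServletRequest request, String name) throws IOException {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) { return null; }
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) {
                try {
                    return URLDecoder.decode(c.getValue(), "UTF-8");
                } catch (IllegalArgumentException e) {
                    return null; // malformed percent-encoding from the client
                }
            }
        }
        return null;
    }
}
```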
