Cookie Principle and Application

Cookie means "the dessert sent from the server to the browser", that is, when the server responds to a request, it can save some data in the form of a "key-value" pair through response information on the client. When the browser accesses the same application again, the original cookie is sent to the server through the request information.

The following servlet shows the cookie function.

Public void doget (httpservletrequest request, httpservletresponse response) throws servletexception, ioexception {response. setcontenttype ("text/html"); printwriter out = response. getwriter (); string option = request. getparameter ("option"); If ("show ". equals (option) {// obtain cookie data in the Request Information cookie [] cookie = request. getcookies (); If (cookies! = NULL) {// find the cookie for (INT I = 0; I <cookies. length; I ++) {If ("cool ". equals (Cookies [I]. getname () {out. println ("<H2>" + Cookies [I]. getname () + ":" + Cookies [I]. getvalue () + "</H2>") ;}}} else if ("add ". equals (option) {// create cookie object cookie = new cookie ("cool", "yeah! "); // Set the life cycle in seconds. setmaxage (20); // Add cookie response. addcookie (cookie );}

The URL-pattern corresponding to this servlet is/testcookie
When the browser request address ".../TST/testcookie? Option = add, the servlet creates a cookie object, and the stored key-value pair is "cool"-"Yeah ". Use the addcookie method of response to add the cookie information to the corresponding information. Note that the setmaxage method of the cookie is used to set the cookie lifecycle. The unit is seconds. If the cookie expires, the cookie will become invalid. If the value of the setmaxage method is negative, the cookie expires when the browser is disabled. If the value is 0, the cookie is deleted immediately. When you access this address, the HTTP information of the corresponding request and response is:
Request:
GET/TST/testcookie? Option = add HTTP/1.1
Accept: image/GIF, image/X-xbitmap, image/JPEG, image/pjpeg, application/X-Shockwave-flash, application/X-Silverlight ,**
Accept-language: ZH-CN
UA-CPU: x86
Accept-encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
HOST: 192.168.5.100: 8080
Connection: keep-alive
COOKIE: Cool = yeah!
Response:
HTTP/1.1 200 OK
Server: APACHE-Coyote/1.1
Content-Type: text/html; charset = ISO-8859-1
Content-Length: 21
Date: Sun, 29 Jun 2008 06:15:26 GMT
<H2> cool: Yeah! </H2>
Note: The request protocol header is used to carry the cookie information format.

Cookie can be used to maintain the user's session status, but the cookie information is stored on the client, there is a large security risk, and generally the browser has strict restrictions on the number of cookies and data size. In Web applications, the session State is usually maintained through the httpsession object.

You can set a maximum life cycle for each cookie. If this value is set, the browser writes the cookie to the hard disk.

However, if the maximum life cycle of a cookie is not set, the cookie is called a session cookie, which exists in the memory. When the browser is disabled, the cookie disappears. (Session implementation mechanism)