Cookies in Jsp

In the process of developing website applications, using cookies to record user information is a common method, and the use of cookies is also very simple.
1. Cookie is added to the Set-Cookie response header Through the addCookie method of HttpServletResponse
For example:
Cookie userCookie = new Cookie ("user", "admin ");
Response. addCookie (userCookie );
There are two important methods related to settings:
1. setMaxAge
Set the time before the Cookie expires, in seconds. If this value is not set, the Cookie is valid only in the current session, and these cookies are not saved to the disk.
Note: This method is used to delete a cookie. You can delete a cookie by setting the expiration time to 0.
2. setPath
Set the applicable path of the Cookie. If no path is specified, the Cookie will be returned to the directory where the current page (jsp (preferred for SUN Enterprise Applications) or Servlet ing) is located and all the pages under its subdirectories.
Note:
A: All cookies have paths.
B: the path set in this method is the client path, that is, "/" indicates the server root directory, rather than the WEB application root directory.
C: When setting the path in this method, "/myWeb/" is different from "/myWeb". Note that the former can be associated with the myWeb directory of the server, the latter cannot.
D: When this method is used to set the path, there is no relative directory, that is, no matter which Directory The setPath ("/myWeb/") is set /"), this cookie will be associated with the myWeb directory of the server (setPath ("/myWeb") is not allowed), rather than the myWeb subdirectory of the current directory; similarly, neither setPath ("myWeb/") nor setPath ("myWeb") can be associated with the myWeb subdirectory in the current directory.
Here is a strange example: the cookie set under one web application can be obtained under another web application (two web applications are on the same server)
Directory structure: There are two directories web1 and web2 in the root directory of the server, and setcookie under web1. jsp (preferred for SUN Enterprise applications) and getcookie. jsp (the preferred choice for SUN Enterprise applications) and getcookie under web2. jsp (preferred for SUN Enterprise applications)
Setcookie. jsp in web1 (preferred for SUN Enterprise applications)
<%
Cookie userCookie = new Cookie ("user", "admin ");
UserCookie. setMaxAge (24*60*60 );
UserCookie. setPath ("/web2 /");
Response. addCookie (userCookie );
%> Getcookie. jsp under web1 (preferred for SUN Enterprise applications)
<%
Cookie [] cookie = request. getCookies ();
String user = new String ();
If (cookie! = Null)
{For (int I = 0; I <cookie. length; I ++)
{Cookie myCookie = cookie [I];
If (myCookie. getName (). Equals ("user "))
{User = myCookie. getValue ();
}
}
}
Out. println ("user =" + user );
%> Getcookie. jsp in web2 (preferred for SUN Enterprise applications)
<% Cookie [] cookie = request. getCookies ();
String user = new String ();
If (cookie! = Null)
{For (int I = 0; I <cookie. length; I ++)
{Cookie myCookie = cookie [I];
If (myCookie. getName (). Equals ("user "))
{User = myCookie. getValue ();
}
}
}
Out. println ("user =" + user );
%>
[Nextpage]
First, access setcookie under web1. jsp (preferred for SUN Enterprise applications), and then access the getcookie under web1 and web2 respectively. jsp (the preferred file for SUN Enterprise applications), you will find a strange phenomenon, getcookie under web1. in jsp (the preferred choice for SUN Enterprise applications), the user is empty and the getcookie under web2. jsp (the preferred choice for SUN enterprise-level applications) has a user value, which is obtained from the cookie set under one web application under another web application.
Most people fail to delete the cookie because of the directory. A typical reason is that a cookie is set in a directory (the setPath method is not called), but the cookie is deleted in another directory (the setMaxAge method is actually called)
3. Cross-origin cookie sharing method: Set
Cookie. setDomain (".jszx.com ");
The domain of machine A: home.langchao.com, and application cas
The domain where machine B is located: jszx.com, and application of B webapp_ B
1) when setting cookies under cas, add cookie. setDomain (".jszx.com"); so that the cookie can be obtained under webapp_ B.
2) This parameter must be set to "." Start.
3) when you enter a url to access webapp_ B, you must enter a domain name for resolution. For example, in A machine input: http://lc-bsp.jszx.com: 8080/webapp_ B, you can get cas in the client set cookie, while B machine access the local application, input: http: // localhost: 8080/webapp_ B cannot obtain cookies.
4) cookie. setDomain (".jszx.com") is set, and can be shared under the default home.langchao.com.
Ii. Read
The getcookie method of HttpServletRequest is called when the client reads the Cookie. This method returns an array of Cookie objects corresponding to the content in the HTTP request header. After this array is obtained, it is generally used to access each element in a loop, call getName to check the names of each Cookie until the target Cookie is found. Call getValue for the target Cookie and perform other Processing Based on the obtained results.
Note: If the parent directory of jsp (the preferred choice for SUN Enterprise applications) and Servlet (the Servlet is its ing directory) contains the cookie with the same name, request. the Cookie array obtained by the getCookie () method stores the cookie information in its parent directory;
Iii. Description
We know that for requests and response on a page, an http request is generated. A request is all parameters in an http request. Therefore, it contains the cookie value when an http request is sent, response is the response to the webapplication of this http request, so it can write the cookie value. In this case, the cookie value obtained by the request, the value of the cookie to be written in response is completely different.
Simply put, the cookie value obtained by the request is the cookie value before the http request, and the value of response to be written is the cookie value after the http request. Therefore, in the same request and response, if a new cookie is added to the response, the request cannot obtain the cookie.