Cookie introduction and application

Set and read cookies in servlet display

1. What is Cookie?

Cookie is a message sent to the client by the Web server using the set-Cookie response. The client returns the message to the server in subsequent requests. The server can read (but cannot change) the message.

Cookies are not interpreted and executed in any way. They are displayed as name-value pairs to save messages. The server resends the modified cookie to change the cookie.

The browser has a limit on the cookie size and quantity.

Ii. Advantages and Disadvantages of cookies

Avoid using cookies to store sensitive data in servlet or JSP. Users may choose to disable the cookie (then rewrite the URL), so they do not rely on the cookie as much as possible. If you can disable cookies to provide users with reasonable functions, do so.

1. Advantages of cookies

Identify a user in an e-commerce session and use the API javax. servlet. http. Cookie provided by Servlet for session tracking; record the user name and password, which is less secure than the website.

Custom site:

For simple page settings, use cookies to record users' preferences and store the page settings in cookies for customization.

For complex page settings, use cookies to send unique identifiers to users. The server-side database stores the page settings corresponding to each identifier.

Targeted advertisement:

When the first access does not contain the corresponding cookies and search items that do not match any advertisement classification, the website displays a random advertisement. When there is a cookie, you can record the user's search content, identify the user's interests, and display targeted ads on the page.

2. disadvantages of cookies

This poses a great threat to user privacy. For example, if the cookie data is shared, the cookie is associated with the image. The two websites can load images through the same third-party website to share user data.

3. Sending and reading cookies

Servlet uses the javax. servlet. http. Cookie class to encapsulate cookie information. Use httpservletresponse to read cookie information.

(1), send a cookie to the client

1. Create a cookie object.

Use the cookie constructor to create a cookie instance. Returns the string: Cookie name and cookie value. The name and value cannot contain special characters.

2. Obtain and set the maximum cookie retention time on the client. Store session-level cookies on the client. Getmaxage and setmaxage methods. In seconds. If it is set to a negative value, it indicates a session-level cookie, Which is deleted by the client browser after the session ends. If it is set to 0, it indicates the browser to delete the cookie. But this is not the case, so it is better to set it to 1!

3. Insert the cookie into the HTTP response header.

As before, any response header must be set before any document is sent to the client. Use the response. addcookie method to create a new set-Cookie Response Header without modifying the set-Cookie header in the previous request header.

(2) reading cookies from the client

1. Use request. getcookie to return an array of cookie objects. If no array exists, null is returned.

2. loop through the cookie object array, call getname to find the required cookie, and then call the getvalue method to obtain the cookie value.

Iv. Cookie attributes

Attribute is part of the response header sent from the server to the browser, but it does not belong to the request header sent by the browser to the server. Therefore, the cookie attributes are only used for the cookies sent from the server to the client. That is to say, we can only operate on the cookie attribute on the server side and send the cookie to the client. However, attributes in cookies from the client cannot be operated.

Use the cookie. setxxx and getxxx methods to set and obtain attributes. XXX is the attribute name.

1. setdomain (string domainpattern) and getdomain (): Set and read the domains applicable to cookies.

Generally, the cookie is returned to a host with the same host name as the host name that sent the cookie. If you want to return data to another host, use this method to set the specified domain. The domain must start with a vertex. A non-state domain must contain two dots. The country domain must contain three dots.

2. setmaxage (INT lifetime) and getmaxage (): Set and obtain the maximum cookie retention time, in seconds. The default value is negative. If it is set to a negative value, it indicates a session-level cookie, Which is deleted by the client browser after the session ends. NOTE: If it is set to 0, it indicates the browser to delete the cookie theoretically. But this is not the case, so it is better to set it to 1!

3. getname: get the cookie name. After a cookie is created, its name cannot be changed.

4. setvalue (string cookievalue) and getvalue (): setvalue for setting and obtaining cookies is generally used to change the values of input cookies and send them out.

5. setpath (string path) and getpath (): Set and obtain the Cookie Path. If no path is specified, the browser only returns the cookie to the URL in or under the "directory" of the page sending the cookie. Cookie. setpath ("/") specifies that all URLs on the website should receive the cookie.

6. setsecure (Boolean secureflag) and getsecure (): set or obtain a Boolean value to indicate whether the cookie is encrypted. The default value is false.

5. Use cookies to distinguish between the first visitor and the second visitor

Check whether the cookie with the unique name exists. If the cookie exists, the cookie is the first visitor. If the cookie does not exist, the cookie is the re-visitor and the output cookie is set. The cookie array cannot be considered as the first visitor only because it is null, And the array is not empty or it may be the first visitor. You must traverse the cookie array to check whether the cookie name and value are consistent with expected values. If they are inconsistent, the cookie is added and the information prepared for the initial visitor is displayed. If they are consistent, the information of the new visitor is displayed.

Session Cookie and persistent cookie

Sets and obtains the maximum cookie retention time. If it is set to a negative value, it indicates a session-level cookie. If it is set to a positive integer, it indicates a persistent cookie.

7. Use cookies to record users' simple information

Simple user information can be directly recorded in cookies. For complex user information, store the Unique User ID in the cookie and store the user information in the database.

1. Record the user name and log in automatically within the specified time. When you use this user name for operations, you must check the returned cookie on the server side.

2. Custom site: for simple page settings, use cookies to record users' preferences and store page settings in cookies for customization. For complex page settings, use cookies to send unique identifiers to users. The server-side database stores the page settings corresponding to each identifier.

8. script code used by the client to obtain the cookie 

function getCookie(parameter){var reg,allCookie,allCookie2,iLen,iStart,iEnd;allCookie = document.cookie;reg = new RegExp(parameter);if((allCookie.search(reg) == -1)||(allCookie.indexOf(parameter+"=")<0)){return "";}else{iLen = parameter.length;iStart = allCookie.search(reg) + iLen +1;allCookie2 = allCookie.substr(iStart);iEnd = iStart + allCookie2.search(/;/i);  if((iStart - 1) == iEnd){return allCookie.substr(iStart);  }  else{   return allCookie.substr(iStart,iEnd - iStart);  } }}