|
|
Saving Client State |
Cookies are a way for a server (or a servlet, as part of a server) to send some information to a client to store, and for the server to later retrieve its data from that client. Servlets send cookies to clients by adding fields to HTTP response headers. Clients automatically return cookies by adding fields to HTTP request headers.
Each HTTP request and response header is named and has a single value. For example, a cookie could be a header named
BookToBuywith a value304qty1, indicating to the calling application that the user wants to buy one copy of the book with stock number 304. (Cookies and their values are application-specific.)Multiple cookies can have the same name. For example, a servlet could send two cookies with headers named
BookToBuy; one could have the value shown previously,304qty1, while the other could have a value301qty3. These cookies would indicate that the user wants to buy one copy of the book with stock number 304, and three copies of the book with stock number 301.In addition to a name and a value, you can also provide optional attributes such as comments. Current web browsers do not always treat the optional attributes correctly, so you should not rely on them.
A server can provide one or more cookies to a client. Client software, such as a web browser, is expected to support twenty cookies per host, of at least four kilobytes each
When you send a cookie to a client, standard HTTP/1.0 caches will not cache the page. Currently, the
javax.servlet.http.Cookiedoes not support HTTP/1.1 cache control models.Cookies that a client stores for a server are returned by the client to that server and only that server. A server can contain multiple servlets; the Duke's Bookstore example is made up of multiple servlets running within a single server. Because cookies are returned to a server, servlets running within a server share cookies. The examples in this section illustrate this by showing the
CatalogServletandShowCartservlet working with the same cookies.
Note: This section shows code that is not a part of the Duke's Bookstore example. Duke's Bookstore could use code like that shown in this lesson if it used cookies instead of session tracking to keep track of the client's book order. Because cookies are not a part of Duke's Bookstore, think of the examples in this section as pseudo-code.
To send a cookie,
To get information from a cookie,
- Retrieve all the cookies from the user's request
- Find the cookie or cookies with the name that you are interested in, using standard programming techniques
- Get the values of the cookies that you found
Creating a Cookie
The constructor for the
javax.servlet.http.Cookieclass creates a cookie with an initial name and value. You can change the value of the cookie later with itssetValuemethod.The name of the cookie must be an HTTP/1.1 token. Tokens are strings that contain none of the special characters listed in RFC 2068. (Alphanumeric strings qualify as tokens.) In addition, names that start with the dollar-sign character ("
$") are reserved by RFC 2109.The value of the cookie can be any string, though null values are not guaranteed to work the same way on all browsers. In addition, if you are sending a cookie that complies with Netscape's original cookie specification, do not use whitespace or any of these characters:
[ ] ( ) = , " / ? @ : ;If your servlet returns a response to the user with a
Writer, create the cookie before accessing theWriter. (Because cookies are sent to the client as a header, and headers must be written before accessing theWriter.)If the
CatalogServletused cookies to keep track of a client's book order, the servlet could create cookies like this:public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { BookDBServlet database = (BookDBServlet) getServletConfig().getServletContext().getServlet("bookdb"); // Check for pending adds to the shopping cart String bookId = request.getParameter("Buy"); //If the user wants to add a book, remember it by adding a cookie if (bookId != null) { Cookie getBook = new Cookie("Buy", bookId); ... } // set content-type header before accessing the Writer response.setContentType("text/html"); // now get the writer and write the data of the response PrintWriter out = response.getWriter(); out.println("<html>" + "<head><title> Book Catalog </title></head>" + ...); ... }
Setting Cookie Attributes
The
Cookieclass provides a number of methods for setting a cookie's values and attributes. Using these methods is straightforward; they are explained in the javadoc forCookieclass.The following example sets the comment field of the
CatalogServlet's cookie. The comment field describes the purpose of the cookie.public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ... //If the user wants to add a book, remember it by adding a cookie if (values != null) { bookId = values[0]; Cookie getBook = new Cookie("Buy", bookId); getBook.setComment("User wants to buy this book " + "from the bookstore."); } ... }You can also set the maximum age of the cookie. This attribute is useful, for example, for deleting a cookie. Once again, if Duke's Bookstore kept track of a user's order with cookies, the example would use this attribute to delete a book from the user's order. The user removes a book from the shopping cart in the
ShowCartServlet; its code would look something like this:public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ... /* Handle any pending deletes from the shopping cart */ String bookId = request.getParameter("Remove"); ... if (bookId != null) { // Find the cookie that pertains to the book to remove ... // Delete the cookie by setting its maximum age to zero thisCookie.setMaxAge(0); ... } // also set content type header before accessing the Writer response.setContentType("text/html"); PrintWriter out = response.getWriter(); //Print out the response out.println("<html> <head>" + "<title>Your Shopping Cart</title>" + ...);
Sending the Cookie
Cookies are sent as headers of the response to the client; they are added with the
addCookiemethod of theHttpServletResponseclass. If you are using aWriterto return text data to the client, you must call theaddCookiemethod before calling theHttpServletResponse'sgetWritermethod.Continuing the example of the
CatalogServlet, the following is code for sending the cookie:public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ... //If the user wants to add a book, remember it by adding a cookie if (values != null) { bookId = values[0]; Cookie getBook = new Cookie("Buy", bookId); getBook.setComment("User has indicated a desire " + "to buy this book from the bookstore."); response.addCookie(getBook); } ... }
Retrieving Cookies
Clients return cookies as fields added to HTTP request headers. To retrieve any cookie, you must retrieve all the cookies using the
getCookiesmethod of theHttpServletRequestclass.The
getCookiesmethod returns an array ofCookieobjects, which you can search to find the cookie or cookies that you want. (Remember that multiple cookies can have the same name. To get the name of a cookie, use itsgetNamemethod.)To continue the
ShowCartServletexample:public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ... /* Handle any pending deletes from the shopping cart */ String bookId = request.getParameter("Remove"); ... if (bookId != null) { // Find the cookie that pertains to the book to remove Cookie[] cookies = request.getCookies(); ... // Delete the book's cookie by setting its maximum age to zero thisCookie.setMaxAge(0); } // also set content type header before accessing the Writer response.setContentType("text/html"); PrintWriter out = response.getWriter(); //Print out the response out.println("<html> <head>" + "<title>Your Shopping Cart</title>" + ...);
Getting the Value of a Cookie
To find the value of a cookie, use its
getValuemethod. To continue theShowCartServletexample:public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ... /* Handle any pending deletes from the shopping cart */ String bookId = request.getParameter("Remove"); ... if (bookId != null) { // Find the cookie that pertains to that book Cookie[] cookies = request.getCookies(); for(i=0; i < cookies.length; i++) { Cookie thisCookie = cookie[i]; if (thisCookie.getName().equals("Buy") && thisCookie.getValue().equals(bookId)) { // Delete the cookie by setting its maximum age to zero thisCookie.setMaxAge(0); } } } // also set content type header before accessing the Writer response.setContentType("text/html"); PrintWriter out = response.getWriter(); //Print out the response out.println("<html> <head>" + "<title>Your Shopping Cart</title>" + ...);
|
|
Saving Client State |
