in this chapter, we will discuss cookies handling in jsp. cookies are text files stored on the client computer and they are kept for various information tracking purposes. jsp transparently supports http cookies using underlying servlet technology.
there are three steps involved in identifying and returning users −
server script sends a set of cookies to the browser. for example, name, age, or identification number, etc.
browser stores this information on the local machine for future use.
when the next time the browser sends any request to the web server then it sends those cookies information to the server and server uses that information to identify the user or may be for some other purpose as well.
this chapter will teach you how to set or reset cookies, how to access them and how to delete them using jsp programs.
the anatomy of a cookie
cookies are usually set in an http header (although javascript can also set a cookie directly on a browser). a jsp that sets a cookie might send headers that look something like this −
http/1.1 200 ok date: fri, 04 feb 2000 21:03:38 gmt server: apache/1.3.9 (unix) php/4.0b3 set-cookie: name = xyz; expires = friday, 04-feb-07 22:03:38 gmt; path = /; domain = tutorialspoint.com connection: close content-type: text/html
as you can see, the set-cookie header contains a name value pair, a gmt date, a path and a domain. the name and value will be url encoded. the expires field is an instruction to the browser to "forget" the cookie after the given time and date.
if the browser is configured to store cookies, it will then keep this information until the expiry date. if the user points the browser at any page that matches the path and domain of the cookie, it will resend the cookie to the server. the browser's headers might look something like this −
get / http/1.0 connection: keep-alive user-agent: mozilla/4.6 (x11; i; linux 2.2.6-15apmac ppc) host: zink.demon.co.uk:1126 accept: image/gif, */* accept-encoding: gzip accept-language: en accept-charset: iso-8859-1,*,utf-8 cookie: name = xyz
a jsp script will then have access to the cookies through the request method request.getcookies() which returns an array of cookie objects.
servlet cookies methods
following table lists out the useful methods associated with the cookie object which you can use while manipulating cookies in jsp −
s.no. | method & description |
---|---|
1 |
public void setdomain(string pattern) this method sets the domain to which the cookie applies; for example, tutorialspoint.com. |
2 |
public string getdomain() this method gets the domain to which the cookie applies; for example, tutorialspoint.com. |
3 |
public void setmaxage(int expiry) this method sets how much time (in seconds) should elapse before the cookie expires. if you don't set this, the cookie will last only for the current session. |
4 |
public int getmaxage() this method returns the maximum age of the cookie, specified in seconds, by default, -1 indicating the cookie will persist until the browser shutdown. |
5 |
public string getname() this method returns the name of the cookie. the name cannot be changed after the creation. |
6 |
public void setvalue(string newvalue) this method sets the value associated with the cookie. |
7 |
public string getvalue() this method gets the value associated with the cookie. |
8 |
public void setpath(string uri) this method sets the path to which this cookie applies. if you don't specify a path, the cookie is returned for all urls in the same directory as the current page as well as all subdirectories. |
9 |
public string getpath() this method gets the path to which this cookie applies. |
10 |
public void setsecure(boolean flag) this method sets the boolean value indicating whether the cookie should only be sent over encrypted (i.e, ssl) connections. |
11 |
public void setcomment(string purpose) this method specifies a comment that describes a cookie's purpose. the comment is useful if the browser presents the cookie to the user. |
12 |
public string getcomment() this method returns the comment describing the purpose of this cookie, or null if the cookie has no comment. |
setting cookies with jsp
setting cookies with jsp involves three steps −
step 1: creating a cookie object
you call the cookie constructor with a cookie name and a cookie value, both of which are strings.
cookie cookie = new cookie("key","value");
keep in mind, neither the name nor the value should contain white space or any of the following characters −
[ ] ( ) = , " / ? @ : ;
step 2: setting the maximum age
you use setmaxage to specify how long (in seconds) the cookie should be valid. the following code will set up a cookie for 24 hours.
cookie.setmaxage(60*60*24);
step 3: sending the cookie into the http response headers
you use response.addcookie to add cookies in the http response header as follows
response.addcookie(cookie);
example
let us modify our form example to set the cookies for the first and the last name.
<% // create cookies for first and last names. cookie firstname = new cookie("first_name", request.getparameter("first_name")); cookie lastname = new cookie("last_name", request.getparameter("last_name")); // set expiry date after 24 hrs for both the cookies. firstname.setmaxage(60*60*24); lastname.setmaxage(60*60*24); // add both the cookies in the response header. response.addcookie( firstname ); response.addcookie( lastname ); %> <html> <head> <title>setting cookies</title> </head> <body> <center> <h1>setting cookies</h1> </center> <ul> <li><p><b>first name:</b> <%= request.getparameter("first_name")%> </p></li> <li><p><b>last name:</b> <%= request.getparameter("last_name")%> </p></li> </ul> </body> </html>
let us put the above code in main.jsp file and use it in the following html page −
<html> <body> <form action = "main.jsp" method = "get"> first name: <input type = "text" name = "first_name"> <br /> last name: <input type = "text" name = "last_name" /> <input type = "submit" value = "submit" /> </form> </body> </html>
keep the above html content in a file hello.jsp and put hello.jsp and main.jsp in <tomcat-installation-directory>/webapps/root directory. when you will access http://localhost:8080/hello.jsp, here is the actual output of the above form.
try to enter the first name and the last name and then click the submit button. this will display the first name and the last name on your screen and will also set two cookies firstname and lastname. these cookies will be passed back to the server when the next time you click the submit button.
in the next section, we will explain how you can access these cookies back in your web application.
reading cookies with jsp
to read cookies, you need to create an array of javax.servlet.http.cookie objects by calling the getcookies( ) method of httpservletrequest. then cycle through the array, and use getname() and getvalue() methods to access each cookie and associated value.
example
let us now read cookies that were set in the previous example −
<html> <head> <title>reading cookies</title> </head> <body> <center> <h1>reading cookies</h1> </center> <% cookie cookie = null; cookie[] cookies = null; // get an array of cookies associated with the this domain cookies = request.getcookies(); if( cookies != null ) { out.println("<h2> found cookies name and value</h2>"); for (int i = 0; i < cookies.length; i++) { cookie = cookies[i]; out.print("name : " + cookie.getname( ) + ", "); out.print("value: " + cookie.getvalue( )+" <br/>"); } } else { out.println("<h2>no cookies founds</h2>"); } %> </body> </html>
let us now put the above code in main.jsp file and try to access it. if you set the first_name cookie as "john" and the last_name cookie as "player" then running http://localhost:8080/main.jsp will display the following result −
found cookies name and value
name : first_name, value: john
name : last_name, value: player
delete cookies with jsp
to delete cookies is very simple. if you want to delete a cookie, then you simply need to follow these three steps −
read an already existing cookie and store it in cookie object.
set cookie age as zero using the setmaxage() method to delete an existing cookie.
add this cookie back into the response header.
example
following example will show you how to delete an existing cookie named "first_name" and when you run main.jsp jsp next time, it will return null value for first_name.
<html> <head> <title>reading cookies</title> </head> <body> <center> <h1>reading cookies</h1> </center> <% cookie cookie = null; cookie[] cookies = null; // get an array of cookies associated with the this domain cookies = request.getcookies(); if( cookies != null ) { out.println("<h2> found cookies name and value</h2>"); for (int i = 0; i < cookies.length; i++) { cookie = cookies[i]; if((cookie.getname( )).compareto("first_name") == 0 ) { cookie.setmaxage(0); response.addcookie(cookie); out.print("deleted cookie: " + cookie.getname( ) + "<br/>"); } out.print("name : " + cookie.getname( ) + ", "); out.print("value: " + cookie.getvalue( )+" <br/>"); } } else { out.println( "<h2>no cookies founds</h2>"); } %> </body> </html>
let us now put the above code in the main.jsp file and try to access it. it will display the following result −
cookies name and value
deleted cookie : first_name
name : first_name, value: john
name : last_name, value: player
now run http://localhost:8080/main.jsp once again and it should display only one cookie as follows −
found cookies name and value
name : last_name, value: player
you can delete your cookies in the internet explorer manually. start at the tools menu and select the internet options. to delete all cookies, click the delete cookies button.