JSP and JSTL Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 3.09, 2006

Using Cookies

Part:   1  2  3  4  5 

JSP/JSTL Tutorials - Herong's Tutorial Notes © Dr. Herong Yang

Using Cookies

Using JavaBean Classes

HTTP Response Header Lines

Non ASCII Characters

JSTL and Expression Language

File Upload

Execution Context

JSP Elements

JSP Standard Tag Libraries (JSTL)

JSP Custom Tag

... Table of Contents

(Continued from previous part...)

Here is simple JSP page that set cookies in different ways, CookieDump.jsp: 

<?xml version="1.0"?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2">
<!--
 - CookieDump.jsp
 - Copyright (c) 2005 by Dr. Herong Yang, http://www.herongyang.com/
-->
<jsp:directive.page contentType="text/html"/>
<html><body>
<p>
<jsp:directive.page import="javax.servlet.http.Cookie"/>
<jsp:scriptlet><![CDATA[
// Setting a temporary cookie
   out.println("<b>Temporary cookie:</b><br/>");
   Cookie c = new Cookie("Language","English");
   response.addCookie(c);
   out.println("Name: "+c.getName()+"<br/>");
   out.println("Value: "+c.getValue()+"<br/>");
   out.println("Domain: "+c.getDomain()+"<br/>");
   out.println("Path: "+c.getPath()+"<br/>");
   out.println("MaxAge: "+c.getMaxAge()+"<br/>");
   out.println("Version: "+c.getVersion()+"<br/>");

// Setting a persisted cookie
   out.println("<b>Persisted cookie:</b><br/>");
   c = new Cookie("User","Herong Yang");
   c.setMaxAge(3*24*60*60);
   response.addCookie(c);
   out.println("Name: "+c.getName()+"<br/>");
   out.println("Value: "+c.getValue()+"<br/>");
   out.println("Domain: "+c.getDomain()+"<br/>");
   out.println("Path: "+c.getPath()+"<br/>");
   out.println("MaxAge: "+c.getMaxAge()+"<br/>");
   out.println("Version: "+c.getVersion()+"<br/>");

// Setting a temporary cookie with specified properties
   out.println("<b>Temporary cookie with domain defined:</b><br/>");
   c = new Cookie("Password","top_secret");
   c.setDomain("some.com");
   response.addCookie(c);
   out.println("Name: "+c.getName()+"<br/>");
   out.println("Value: "+c.getValue()+"<br/>");
   out.println("Domain: "+c.getDomain()+"<br/>");
   out.println("Path: "+c.getPath()+"<br/>");
   out.println("MaxAge: "+c.getMaxAge()+"<br/>");
   out.println("Version: "+c.getVersion()+"<br/>");

// Setting a persisted cookie with specified properties
   out.println("<b>Persisted cookie with domain defined:</b><br/>");
   c = new Cookie("Login","herong_yang");
   c.setMaxAge(3*24*60*60);
   c.setDomain("some.com");
   response.addCookie(c);
   out.println("Name: "+c.getName()+"<br/>");
   out.println("Value: "+c.getValue()+"<br/>");
   out.println("Domain: "+c.getDomain()+"<br/>");
   out.println("Path: "+c.getPath()+"<br/>");
   out.println("MaxAge: "+c.getMaxAge()+"<br/>");
   out.println("Version: "+c.getVersion()+"<br/>");
]]></jsp:scriptlet>
</p>
</body></html>
</jsp:root>

Now install CookieDump.jsp in tomcat default application directory. Then run HttpRequestGet.java: 

>java HttpRequestGet /CookieDump.jsp 8080

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=B63F49ABFD8DF8A5DF0FDBCC92E317B9; Path=/
Set-Cookie: Language=English
Set-Cookie: User="Herong Yang"; Expires=(timestamp)
Set-Cookie: Password=top_secret; Domain=some.com
Set-Cookie: Login=herong_yang; Domain=some.com; Expires=(timestamp)
Content-Type: text/html;charset=UTF-8
Content-Length: 677
Date: (timestamp)
Connection: close

<html><body><p><b>Temporary cookie:</b><br/>
Name: Language<br/>
Value: English<br/>
Domain: null<br/>
Path: null<br/>
MaxAge: -1<br/>
Version: 0<br/>
<b>Persisted cookie:</b><br/>
Name: User<br/>
Value: Herong Yang<br/>
Domain: null<br/>
Path: null<br/>
MaxAge: 259200<br/>
Version: 0<br/>
<b>Temporary cookie with domain defined:</b><br/>
Name: Password<br/>
Value: top_secret<br/>
Domain: some.com<br/>
Path: null<br/>
MaxAge: -1<br/>
Version: 0<br/>
<b>Persisted cookie with domain defined:</b><br/>
Name: Login<br/>
Value: herong_yang<br/>
Domain: some.com<br/>
Path: null<br/>
MaxAge: 259200<br/>
Version: 0<br/>
</p></body></html>

As you can see, there 5 cookies included in the HTTP response header section. The first one is added by the JSP server. The other 4 are added by my JSP page.

Conclusion

  • Cookie is a piece of information the server is asking client the pass it back on the next request.
  • Cookie is best way to link multiple requests into a "session".
  • Cookies are generally safe to accept.
  • Persistent cookies are stored as files on client system.
  • Cookies are passed in HTTP request and response header section.
  • Setting and receiving cookies are easy to do in JSP pages.

Part:   1  2  3  4  5 

Dr. Herong Yang, updated in 2006
JSP and JSTL Tutorials - Herong's Tutorial Notes - Using Cookies