8.7 Differentiating Session Cookies from Persistent Cookies

8.7 Differentiating Session Cookies from Persistent Cookies

This section illustrates the use of the cookie attributes by contrasting the behavior of cookies with and without a maximum age. Listing 8.2 shows the CookieTest servlet, a servlet that performs two tasks :

1. First, the servlet sets six outgoing cookies. Three have no explicit age (i.e., have a negative value by default), meaning that they should apply only in the current browsing sessionuntil the user restarts the browser. The other three use setMaxAge to stipulate that the browser should write them to disk and that they should persist for the next hour , regardless of whether the user restarts the browser or reboots the computer to initiate a new browsing session.

2. Second, the servlet uses request.getCookies to find all the incoming cookies and display their names and values in an HTML table.

Figure 8-5 shows the result of the initial visit, Figure 8-6 shows a visit immediately after that, and Figure 8-7 shows the result of a visit after the user restarts the browser.

Listing 8.2 CookieTest.java

 package coreservlets; import java.io.*; import javax.servlet.*; import javax.servlet.http.*; /** Creates a table of the cookies associated with  *  the current page. Also sets six cookies: three  *  that apply only to the current session  *  (regardless of how long that session lasts)  *  and three that persist for an hour (regardless  *  of whether the browser is restarted).  */ public class CookieTest extends HttpServlet {   public void doGet(HttpServletRequest request,                     HttpServletResponse response)       throws ServletException, IOException {     for(int i=0; i<3; i++) {       // Default maxAge is -1, indicating cookie       // applies only to current browsing session.  Cookie cookie = new Cookie("Session-Cookie-" + i,   "Cookie-Value-S" + i);   response.addCookie(cookie);   cookie = new Cookie("Persistent-Cookie-" + i,   "Cookie-Value-P" + i);  // Cookie is valid for an hour, regardless of whether       // user quits browser, reboots computer, or whatever.  cookie.setMaxAge(3600);   response.addCookie(cookie);  }     response.setContentType("text/html");     PrintWriter out = response.getWriter();     String docType =       "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +       "Transitional//EN\">\n";     String title = "Active Cookies";     out.println(docType +                 "<HTML>\n" +                 "<HEAD><TITLE>" + title + "</TITLE></HEAD>\n" +                 "<BODY BGCOLOR=\"#FDF5E6\">\n" +                 "<H1 ALIGN=\"CENTER\">" + title + "</H1>\n" +                 "<TABLE BORDER=1 ALIGN=\"CENTER\">\n" +                 "<TR BGCOLOR=\"#FFAD00\">\n" +                 "  <TH>Cookie Name\n" +                 "  <TH>Cookie Value");  Cookie[] cookies = request.getCookies();   if (cookies == null) {   out.println("<TR><TH COLSPAN=2>No cookies");   } else {   Cookie cookie;   for(int i=0; i<cookies.length; i++) {   cookie = cookies[i];   out.println("<TR>\n" +   "  <TD>" + cookie.getName() + "\n" +   "  <TD>" + cookie.getValue());   }   }  out.println("</TABLE></BODY></HTML>");   } }