cookie : Java Glossary

go to home page C words local find full screen, hide local find menu Google search web for more information on this topic jump to foot of page translate this page with Babelfish by Roedy Green ©1996-2009 Canadian Mind Products
index page for letter ⇒ punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all)
cookie
A cookie is a technique a CGI server/Servlet womb can use to store information in an HTTP client for later retrieval to remind itself where it was in dealing with the client. You could think of a cookie as a laundry ticket that the client gives back to the server to remind it who the client is and what the client and server have done together in the past.

The cookie protocol, piggy-backed on HTTP is described in RFC 2965.

How Cookies Work Puzzles
Confidentiality Books
Obsolete Learning More
Modern Links

How Cookies Work

You can see the cookies you have accumulated in your Firefox surfing in a file called: C:\Documents and Settings\%username%\Application Data\Mozilla\firefox\Profiles\gt4rcgpi.default\cookies.txt. Here is what a typical cookie looks like inside the cookies.txt file:
That cookie allows google.com to remember my preferences when I use their search engine. I track the information for them in the Firefox cookie file. The cookie is somewhat incomprehensible, but it contains encoded information about me that the google server finds useful. A shopping cart web site might encode the contents of my shopping cart as a series of cookies.

The HTTP format of cookies in the HTTP header the server sends to the client is somewhat more human-readable. e.g.

Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT
Cookies are passed in http headers. Thus they must use a restricted set of characters, basically ASCII-7 less the characters that have special meaning in HTTP headers. One way do deal with the problem of awkward characters is to use URL-encoding. See url-encoding for how.

Confidentiality

The browser records the cookies with the site they came from, an expiry date, the cookie name and its value. They are exchanged quietly between the browser and the server without displaying them on the screen. Every time your browser makes a request of a domain/path for which it has a cookie, it automatically piggybacks the cookie in the HTTP Cookie: request header line to the server. The host does not have to request it.

Cookies can be used to track logins. The client sends in a an authentication cookie with each request to remind the server it is logged in and offers some proof it is, and a hint to who it is so the server can pick up the conversation where it left off.

Applets too can play with cookies, but only with the ones put there by the server from which they were loaded, or that were put there by Applets from that server. Applets can both read and write the cookies stored in the browser, just as the server can.

Handling Cookies in Obsolete Browsers and Java Applets

Tom Hall provided the following code snippet to allow an Applet to write a new cookie or to read the cookies it is permitted to see, without any help from the server. To delete a cookie, rewrite it with an expiry date in the past. Surprisingly, even though this code makes use of the Netscape JSObject, it works fine in Internet Explorer as well — no need to include the JSObject class files as they are packaged with IE’s Virtual Machine. For it to work, your APPLET tag must include the MAYSCRIPT option.

For early Java, you will also have to put the file \Program Files\netscape\communicator\program\java\classes\java40.jar on the classpath when you are compiling. In Java 1.4 JSObject comes bundled in jaws.jar. In Java 1.5+ it comes bundled in plugins.jar. Last revised: 2007-04-25 The IE browser will deal with finding the classes at run time. Unfortunately, the only browser I found that supports the official method [see code snippet below] is Internet Explorer 5.5/6.0.26. Not even Netscape 4.79 works!

I have only been able to get cookies to work the official way in IE 5.5, not Netscape or Opera. Best to always use the field-at-a-time method [see code snippet above]. It works in IE, Firefox, Opera, Safari and Netscape and likely the most of the others. You could also try with JavaScript read/write cookie functions.

Cookies In Modern Browsers, Java Servers and Applets

To handle cookies on the server you use javax.servlet.http. Cookie. The servlet sends cookies to the browser by using the HttpServletResponse. addCookie method. You should keep cookies under 4K and limit them to 20 per webserver, 300 cookies total. The server retrieves cookies sent it by the browser/Applet with HttpServletRequest. getCookies.

To handle cookies in a client Applet you use java.net. CookieHandler. You use the static method CookieHandler. getDefault to get you the CookieHandler registered to store and retrieve all cookies for the browser. You don’t have to write your own CookieHandler. Then you use the get method of the CookieHandler object to get a list of all the relevant fields. You write a system-wide cookie handler and register it with the HTTP transport mechanism.

I am not clear on how this is supposed to work. Please pass on any relevant lore. Here is my best shot so far:

Cookie Puzzles

My test program fails with a null CookieHandler.
  1. why does the JVM insist on me signing the Applet to call getDefault? Surely unsigned Applets are allowed to know their cookies.
  2. What do I have to do to get a non-null CookieHandler?
  3. Just what sort of thing does get want in the requestHeaders Map?
  4. If this did work, what do I do to get some cookies piggybacked on my HTTP messages to the server. Does the browser do that transparently once cookies are in the store?

Books

book cover recommend book⇒Core Web Programming, Second Edition
 paperback
ISBN13:978-0-13-089793-0clickcounter
ISBN10:0-13-089793-0clickcounter
publisher:Prentice Hall
published:2001-06-03
by:Marty Hall and Gary Cornell
1250 pages. This is a great doorstop of a book. It has a few chapters on client-server programming in Java, and a section of that is on CGI. I have looked at hundreds of Java books and found nothing that deals in depth with client side Java talking to CGI, except Marty’s book. It is really very simple and he does an excellent job of explaining it. Marty has posted all the source code examples from the book for anyone to use. These contain updates and errata fixes you don’t get on the CD-ROM that comes with the book.
UK flag abe books.co.uk abe books.ca Canadian flag
UK flag amazon.co.uk. amazon.ca. Canadian flag
German flag abe books.de chapters.indigo.ca . Canadian flag
German flag amazon.de. abe books.com American flag
French flag abe books.fr amazon.com. American flag
French flag amazon.fr. barnes and noble.com American flag
Italian flag abe books.it powells.com American flag
Spanish flag iberlibro.com abe books anz Australian flag
explains cookies clearly, and shows you how to write server code to read and write the cookies in your visitor’s browsers.

Learning More

Sun’s Product Info on the Servlet Cookie class
Sun’s Javadoc on the client CookieHandler class : available:
Sun’s Javadoc on the CORBA CookieHolder class : available:
HttpServlet docs : available:
CGI
Cookie Central
Cookie demo: does not need signing
HTTP
HTTP Client
JavaScript
Real Gagnon’s Cookie Example
socket
CMP homejump to top
CMP logo		 feedback Please email your feedback for publication, errors, omissions, broken/redirected link reports
and suggestions to improve this page to Roedy Green : feedback email
made with CSS
HTML Checked!
ICRA ratings logo
mindprod.com IP:[65.110.21.43]
Your face IP:[38.103.63.62] The information on this page is for non-military use only.
You are visitor number 25,196. Military use includes use by defence contractors.
You can get a fresh copy of this page from: or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror)
http://mindprod.com/jgloss/cookie.html J:\mindprod\jgloss\cookie.html