Saving Client State with Cookies and Java - Cleaning Up: Getting Rid of Cookie Crumbs

(Page 6 of 6 )

To delete a cookie, you can use the setMaxAge method of the Cookie class. Using a method argument of zero, the cookie on the client side will be effectively deleted.  This is demonstrated in CookieCrumbDeleterServlet.java which is shown in Listing 4.


import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax
 .servlet
 .http
 .HttpServletRequest;
import javax
 .servlet
 .http
 .HttpServletResponse;
public class CookieCrumbDeleterServlet
 extends HttpServlet
 implements Servlet
{
 public void doGet(
  HttpServletRequest request,
  HttpServletResponse response)
  throws ServletException, IOException
 {
  Cookie[] cookies =
   request.getCookies();
  String cookieExtract = null;
  Cookie cookieToDelete = null;
  for (int i = 0;
   i < cookies.length;
   i++)
  {
   if (cookies[i]
    .getName()
    .equals("FavoriteCookieType"))
   {
    cookieToDelete =
     cookies[i];
    // mark for deletion by client by setting max age to zero
    cookieToDelete
     .setMaxAge(
     0);
   }
  }
  //  add the cookie to the response back to the client
  response.addCookie(
   cookieToDelete);
  response.setContentType(
   "text/html");
  PrintWriter out =
   response.getWriter();
  out.println(
   " "
    + "");
  out.println(
   " 
<H2>I just deleted your cookie.</H2>");
  out.println("");
 }
 public void doPost(
  HttpServletRequest request,
  HttpServletResponse response)
  throws ServletException, IOException
 {
  doGet(request, response);
 }
}



Listing 3: CookieCrumbDeleterServlet.java

Conclusion

Giving your clients a “memory” is a highly needed feature in many web applications.  One can leverage techniques such as persisting to a database, but in many cases, one can leverage the facility of cookies which most popular browsers support.  A word of caution though, many browsers give users the option to block cookies (see Figure below of Microsoft Internet Explorer’s Advanced Privacy Settings).

Figure 7: Internet Explorer Allows Users the Ability to Block Cookies 

Consequently, when one designs their web applications and considers the user of cookie technology, they should take the ability for clients to block cookies and delete cookies into major consideration.

Background Information: Fundamentals of Java Servlets 

Resources
Servlet API
Handing Cookies Using the java.net.* API
Netscape Cookie Specification

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

Comments On: Saving Client State with Cookies and Java

>>> Be the FIRST to comment on this article!