
A Few Ground Rules - Java

Now that you've mastered the basics, it's time to bring out the big iron. This week, The JSP Files explores the various techniques available to "maintain state" on a JSP-based Web site. Learn about the Cookie and Session objects, find out how to build a cookie-based hit counter, and read about a simple yet effective way of protecting sensitive Web pages with the Session object.

  1. The JSP Files (part 6): State Of Grace
  2. Wasted, Dude!
  3. A Few Ground Rules
  4. Learning To Write...
  5. ...And Read
  6. What's In A Name?
  7. Plan B
  8. Session Dissection
  9. Access Denied
By: Vikram Vaswani and Harish Kamath, (c) Melonfire
March 26, 2001



Since cookies are used to record information about your activities on a particular site, they can only be read by the site that created them. For example, Yahoo and Deja.com store your username in a cookie on your hard drive and use this information to automatically fill in log-in forms the next time you visit their Web sites. It's kinda like going to a chic restaurant, and having the maitre d' call you by name (something which hasn't happened to us of late!)

Before getting into the nitty-gritty of cookie technology, a few ground rules are in order:

1. A single domain cannot set more than twenty cookies. A single cookie cannot exceed 4 KB in size. The maximum number of cookies that may be set is 300.

2. The most common method of transmitting a cookie to a client is via the "Set-Cookie" HTTP header.

3. A cookie usually possesses five types of attributes.

The first of these is a NAME=VALUE pair, used to store information such as a username, email address or credit-card number. The NAME is a string used to identify the cookie, while the VALUE is the data to be stored in the cookie. For example,


The EXPIRES attribute defines the date on which the cookie is automatically removed from the system. The date must be in the format "weekday, dd-mon-yy hh:mm:ss GMT". For example,

expires="Sun, 31-Dec-2030 17:51:06 GMT"

Cookies without a specifically defined expiry date remain active for so long as the browser remains open, and are destroyed once the browser is closed. You can delete an existing cookie by setting this attribute to a date in the past.

The PATH attribute is used to set the top-level directory on the Web server from which cookies can be accessed. In most cases, this is set to


to ensure that the cookie can be accessed by each and every document on the server.

The DOMAIN attribute is used to specify the domain which the cookie is linked to, and the SECURE attribute indicates that a cookie should only be set if there exists a secure protocol between the browser and the server.

4. Of all the five attributes, the first is the only one that is not optional.

5. Every good browser offers users the option to disable cookies. If a user decides to exercise his or her right to do so, your cookies will not be stored, and any attempt to access them will fail. Users who do this are usually career criminals or tax evaders.
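
The five attributes from ground rule 3, assembled into a "Set-Cookie" header, as an added example that is not part of the original article. The class and method names, the cookie names and example.com are assumptions made for illustration; the value check rejects characters such as ";" or line breaks, which would otherwise let a stored value add attributes or headers of its own.

```java
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Locale;

// Added example (not from the article): builds a Set-Cookie header line.
public class SetCookieDemo {
    // Same layout as the article's expires example, always rendered in GMT.
    private static final DateTimeFormatter EXPIRES =
        DateTimeFormatter.ofPattern("EEE, dd-MMM-yyyy HH:mm:ss 'GMT'", Locale.US);
    private static final int MAX_COOKIE_CHARS = 4096; // ground rule 1: 4 KB per cookie

    // Only NAME=VALUE is mandatory; pass null (or false) to omit an attribute.
    static String setCookie(String name, String value, ZonedDateTime expires,
                            String path, String domain, boolean secure) {
        // Printable ASCII only, and no ';' ',' '"' or '\' in the value.
        if (!name.matches("[A-Za-z0-9_.-]+")
                || !value.matches("[\\x21-\\x7E&&[^;,\"\\\\]]*")) {
            throw new IllegalArgumentException("illegal character in cookie name or value");
        }
        StringBuilder sb = new StringBuilder(name).append('=').append(value);
        if (expires != null) {
            sb.append("; expires=")
              .append(EXPIRES.format(expires.withZoneSameInstant(ZoneOffset.UTC)));
        }
        if (path != null)   sb.append("; path=").append(path);
        if (domain != null) sb.append("; domain=").append(domain);
        if (secure)         sb.append("; secure");
        if (sb.length() > MAX_COOKIE_CHARS) {
            throw new IllegalArgumentException("cookie exceeds 4 KB");
        }
        return "Set-Cookie: " + sb;
    }

    public static void main(String[] args) {
        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
        // Constructed sample values; example.com is a placeholder domain.
        // Session cookie: no expires, so it is destroyed when the browser closes.
        System.out.println(setCookie("visits", "1", null, null, null, false));
        // Persistent cookie, sent only over a secure connection.
        System.out.println(setCookie("username", "john", now.plusDays(30),
                                     "/", ".example.com", true));
        // Deletion: same name, expiry date in the past.
        System.out.println(setCookie("username", "deleted", now.minusDays(1),
                                     "/", ".example.com", false));
    }
}
```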
