This chapter is from the book

The Cookie Class

Cookies—you either love them or hate them. They're small text strings you store on a user's computer. In the early days of cookies, people were very suspicious of them, but the truth is that they're simply text and can't cause problems (unless there are security problems in the user's browser that have not yet been exploited by hackers).


Although cookies are widely regarded as safe, many users are still wary of them, and have instructed their browsers not to accept them. If you can't set a cookie in the client browser you're working with, you might try another method of storing data, such as hidden controls. Technically, a browser is expected to support 20 cookies for each Web server and about 300 cookies total, and might limit the size of each cookie to 4KB of text.

A cookie's value can identify a user, so cookies are commonly used for session management. Cookies have a name and a value, and you can use methods of the Cookie class (the full name, including the Java package, is javax.servlet.http.Cookie) to get access to that data. You can also include comments in cookies and set their maximum possible ages.

Your JSP code sends cookies to the browser by using the HttpServletResponse.addCookie method. This method stores data in the HTTP response headers it sends to the browser, including the cookies you're creating.

The browser returns cookies to you by storing data in HTTP request headers. You can get cookie data using the HttpServletRequest.getCookies method, as you'll see in the upcoming examples.

You'll see how this all works in detail in today's work. You can see the methods of Cookie objects (that is, the javax.servlet.http.Cookie class) in Table 7.1.

Table 7.1 javax.servlet.http.Cookie Methods

| Method | Does This |
| --- | --- |
| Cookie(java.lang.String name, java.lang.String value) | Creates a cookie with a given name and value. |
| java.lang.Object clone() | Returns a copy of the cookie. |
| java.lang.String getComment() | Returns the cookie's comment, or null if the cookie has no comment. |
| java.lang.String getDomain() | Returns the domain name for the cookie. |
| int getMaxAge() | Returns the maximum age of the cookie, in seconds. A value of -1 indicates the cookie will exist until browser shutdown. |
| java.lang.String getName() | Returns the name of the cookie. |
| java.lang.String getPath() | Returns the path on the server to which the browser returns the cookie. |
| boolean getSecure() | Returns true if the browser is sending cookies only over a secure protocol. |
| java.lang.String getValue() | Returns the value of the cookie. |
| int getVersion() | Returns the version of the protocol for the cookie. |
| void setComment(java.lang.String comment) | Sets a comment that describes a cookie's purpose. |
| void setDomain(java.lang.String domain) | Specifies the domain for the cookie. |
| void setMaxAge(int expiry) | Sets the maximum age of the cookie in seconds. |
| void setPath(java.lang.String uri) | Sets the path for the cookie (that is, the path for which the browser will send the cookie). |
| void setSecure(boolean flag) | Indicates to the browser if cookies should only be sent using a secure protocol (such as HTTPS). |
| void setValue(java.lang.String value) | Assigns a new value to a cookie after the cookie is created. |
| void setVersion(int version) | Sets the version of the cookie protocol for the cookie. |
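The servlet below is an added example, not code from the book. It uses the Table 7.1 methods together with HttpServletRequest.getCookies and HttpServletResponse.addCookie to issue an identifying cookie with restrictive settings and to read it back. The class name VisitorCookieServlet and the cookie name visitorId are hypothetical, and setHttpOnly is not in Table 7.1: it assumes a Servlet 3.0 or later container.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.security.SecureRandom;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example, not from the book. The servlet name and the cookie name
// "visitorId" are hypothetical.
public class VisitorCookieServlet extends HttpServlet {
    private static final String COOKIE_NAME = "visitorId"; // assumed name
    private static final SecureRandom RANDOM = new SecureRandom();

    // Returns the value of the named cookie, or null if the browser sent none.
    static String findCookie(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies(); // null when no cookies were sent
        if (cookies == null) {
            return null;
        }
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) {
                return c.getValue();
            }
        }
        return null;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String id = findCookie(request, COOKIE_NAME);
        boolean isNew = (id == null);
        if (isNew) {
            // 128 random bits as hex: an identifier that cannot be guessed
            // and that carries no user data of its own.
            id = new BigInteger(128, RANDOM).toString(16);
            Cookie cookie = new Cookie(COOKIE_NAME, id);
            cookie.setSecure(true);   // only returned over HTTPS
            cookie.setHttpOnly(true); // Servlet 3.0+; hidden from page scripts
            cookie.setPath(request.getContextPath() + "/"); // this application only
            cookie.setMaxAge(-1);     // discard when the browser shuts down
            response.addCookie(cookie); // must precede writing the body
        }
        response.setContentType("text/plain");
        response.getWriter().println(isNew ? "Cookie set." : "Cookie received.");
    }
}
```

Because of setSecure(true), the browser returns the cookie only over HTTPS, so over plain HTTP every request takes the "Cookie set." branch. The value that comes back is client-supplied input: look it up on the server before trusting it, and do not echo it into the page.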

So how do you create a cookie? You use the addCookie method of the HttpServletResponse class, and that class is coming up next.
