9.1 Cookie Overview Cookies is a small amount of plain text information sent by the server to the browser. When the user enters the same web server, the browser will send them to the server. By letting the server reads the information you originally saved to the client, the website can provide the viewer to provide a series of convenience, such as the user identity in the online transaction process, and the security requirements are not high to avoid user repeated input name and password, portal The home page is customized, targetedly putting advertisements, and so on. The purpose of cookie is to bring convenience to users, bring value to the website. Although there are many mistakes, in fact, cookies will not cause serious security threats. Cookie will never be executed in any way, so there will be no virus or attack your system. In addition, since the browser is generally only allowed to store 300 cookies, each site stores up to 20 cookies, each cookie size is limited to 4 KB, so the cookie will not be full of your hard drive, and it will not be used as "refusal." Service "attack means. 9.2 SERVET Cookie API To send cookies to the client, servlet first creates one or more cookies (2.1) with the appropriate name and value, set various properties with cookie.setxxx ( Section 2.2), add the cookie to the response head (Section 2.3) via response.addcookie (cookie). To read from the client, servlet should call the request.getCookies (), and the getCookies () method returns an array of cookie objects. In most cases, you only need to use the individual elements of the array to find the cookie of the array, and then call the getValue method to get the value associated with the specified name, this part of this session will be discussed in Section 2.4. 9.2.1 Creating a cookie Call Cookie object constructor can create a cookie. The constructor of the cookie object has two string parameters: cookie name and cookie value. Names and values cannot contain blank characters and the following characters: [] () =, "/? @:; 9.2.2 Read and set the cookie property Before adding the cookie to the response head to be sent, you can view or set the cookie Various properties. In summary These methods: getcomment / setcomment Get / set the cookie annotation. GetDomain / setdomain Get / set the cookie applicable domain. Generally, cookies only returns the identical server that is exactly the same as sending it. The method here can indicate that the browser returns the cookie to other servers in the same domain. Note that the domain must start with a point (for example, .sitename.com), non-national domain (such as .com, .edu, .gov) must contain two For a point, the country's domain (such as .com.cn, .edu.uk) must contain three points. GetMaxage / setMaxage Get / set the time before the cookie expires, in seconds. If this value is not set, Cookie is only It is valid within the current session, which is valid before the user closes the browser, and these cookies will not be saved to the disk. See below about longLivedCookie. GetName / SetName Get / set the name of the cookie. Essentially, the name and value are us Always care two parts.
Since the GetCookies method of HTTPSERVLETREQUEST returns a Cookie object array, therefore usually uses a loop to access this array to find a specific name, and then check its value with getValue. getPath / SetPath Gets / Sets the path to Cookies. If the path is not specified, the cookie will return to all the pages in the current page where the current page is located and its subdirectory. The method here can be used to set some more general conditions. For example, someCookie.SetPath ("/"), at which time all pages on the server can receive the cookie. GetSecure / SetSecure Gets / Sets a Boolean value that represents whether cookies can only be sent by encrypted connections (ie SSL). GetValue / SetValue Gets the value of / set the cookie. As mentioned earlier, the names and values are actually two aspects we have always cared. However, there are also some exceptions, such as using the name as a logical tag (that is, if the name exists, it means true. GetVersion / SetVersion Gets / Sets the protocol version of the cookies. The default version 0 (complies with the original Netscape specification); version 1 follows RFC 2109, but has not been widely supported. 9.2.3 Setting Cookie cookies in your response head to join the set-cookie response head with the AddCookie method of HttpservletResponse. Here is an example: cookie usercookie = New cookie ("User", "UID1234"); response.addcookie (userCookie); 9.2.4 Read Save to the client to send cookies to the client, first create a cookie, Then send a SET-Cookie HTTP response head with AddCookie. These contents have been described above in Top 2.1. The getCookies method that calls HTTPSERVLETREQUEST when reading cookies from the client. This method returns an array of cookie objects corresponding to content in the HTTP request header. After getting this array, it is generally used to access the individual elements in the loop, call GetName to check the names of each cookie until the target cookie is found. Then, the GetValue is then called to this target cookie, and other processing is performed according to the result. The above processing process often encounters, and provides a getCookieValue method for the convenience meter. Just give the cookie object array, the cookie name, and defaults, the getCookieValue method returns a cookie value that matches the specified name. If you can't find the specified cookie, return the default value. 9.3 Several Cookie Tools Functions are several tool functions. Although these functions are simple, it is useful when dealing with cookies. 9.3.1 Getting a cookie value of the specified name This function is part of ServletUtilities.java. GetCookieValue sequentially accesses the various elements of the cookie object array via a loop, finds a cookie for specifying the name, if you find it, return the value of the cookie; otherwise, return the default value given in the parameter. GetCookieValue can simplify the extraction of the cookie value to a certain extent.
public static String getCookieValue (Cookie [] cookies, String cookieName, String defaultValue) {for (int i = 0; i package hall; import java.io *;. import javax.servlet *;. import javax.servlet.http *;. import java.net *;. public class SearchEnginesFrontEnd extends HttpServlet {public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {Cookie [] cookies = request.getCookies (); String searchString = ServletUtilities.getCookieValue (cookies, "searchString", "Java Programming"); String numResults = ServletUtilities.getCookieValue (cookies, "numResults", "10" ); String searchEngine = ServletUtilities.getCookieValue (cookies, "searchEngine", "google"); response.setContentType ( "text / html"); PrintWriter out = response.getWriter (); String title = "Searching the Web"; out .printutilities.headwithtitle (title) searching the Web h1> \n " "\N" "