by Dinesh Thakur Category: Session And Cookies

The Hypertext Transfer Protocol (HTTP) is the network protocol that the web servers and the client browsers use to communicate with each other. The HTTP is a stateless protocol. A client browser opens a connection and requests for a resource from the web server. The web server then responds with a requested resource and closes the connection.

After closing the connection, the web server does not remember any information about the client. So any next request from the same client will be treated as a fresh request without any relation to the previous request. This is what makes HTTP a stateless protocol. This protocol works fine for simple web browsing where each request typically results in an HTML file being sent back to the client. This is because web server does not need to know whether a series of requests came from the same client or from a different client. However, maintaining state is important in just about any web application. The appropriate example is a shopping cart where user select items, add them to their shopping cart and continue shopping. If you want to associate a shopping cart with a user over multiple page requests, then you need some method of maintaing state. One way of maintaing state is to use cookies.

Cookies are small textual files that a web server may send to the user's web browser which in turn saves it to the hard disk (or if they are temporary in the web browser's memory). The server sends the cookie to the browser in response to an initial request. Subsequent request sends the same cookie back to the server, which enables the server to identify these requests as being from the same client. By letting the server read information it send to the client previously, the site can provide visitors with a numbers of benefits such as,

• Saving login identity i.e. user names.

Customizing sites : Many web sites now have pages where users can customize what they see when they arrive. After giving the user choice of layouts and color schemes, the site stores the preferences on the client's computer through the use of cookies. The user can return to the site at any time and get the previously configured page.

• Identifying a user during e-commerce session.

• It let sites remember which topics interest certain users and show advertisements relevant to those interests.

• Frequent visitor bonuses.

Bookmarks : Cookie let the use remember where he was when he last visited the site.

• Games : Cookie let remember the current or highest scores and present new

  challenges based on past answers and performance.

In the simplest form, cookies store data in the form of name-value pairs with certain additional attributes which are exchanged in the response and request headers. Each attribute/value pair is separated by a semicolon. The web servers send a cookie by sending the user-cookie response header in the following format

set-cookie: Name= Value; Comment= COMMENT; Domain= DOMAINNAME;

Max-age= SECONDS         ; Path= PATH; Secure; Version = 1*DIGIT


• Name is the name of the cookie.

• Value is the value this name can hold.

• Comment is an optional parameter that specifies the purpose associated with the cookie.

• Domain is an optional parameter that is used to specify the domain to which the cookie will be sent in future requests. By default, it is the host name of the domain that has sent the set-cookie header.

• Max-age is an optional parameter that specify how long (in seconds) the browser should keep the cookie before it expires.

• Path is an optional parameter that specifies the URL path for which the cookie

 is valid.

• The Secure parameter specifies whether the cookie should be sent only over a

  secure connection (HTTPS). By default its value is false.

In Java, cookies are created and manipulated via the javax.servlet.http.Cookie class. This class provides numerous methods. Some of the most commonly used ones are,



String getComment ()             

Returns the comment associated with the cookie.

String getDomain ()                

Returns the domain limitation associated with the Cookie.

int getMaxAge ()                     

Returns the maximum age allowed for this cookie.

String getPath ()

Returns the path limitation fort this servlet.

boolean getSecure ()               

Returns true if this cookie requires a secure connection.

String getName ()                    

Returns the name of the cookie.

String getValue ()                   

Returns the value of the cookie in string format.

void setComment

(String purpose)

Sets the comment that describe the cookie’s purpose.

void setDomain          

(String pattern)                                    

Specifies the domain within which the cookie should be presented.

void setMaxAge

    (int expiry)                      

Sets the maximum age of cookie in seconds.

void setPath  

(java.lang.String url)                                           

Specifies the path for the cookie to which the  client should return the cookie.

void setValue  

(java.lang.String newValue)                               

Assigns a new value to a cookie after the cookie is created.                       

                                            Some methods of Cookie class

About Dinesh Thakur

Dinesh ThakurDinesh Thakur holds an B.C.A, MCSE, MCDBA, CCNA, CCNP, A+, SCJP certifications. Dinesh authors the hugely popular blog. Where he writes how-to guides around Computer fundamental , computer software, Computer programming, and web apps. For any type of query or something that you think is missing, please feel free to Contact us.