Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Where to handle cookies  RSS feed

 
Dhananjay Inamdar
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I am working on re-engineering of one of the ASP based application. New technology selected for this project is JSF, Spring, IBatis.

ASP application was storing many things in cookies and business logic is heavily depending on the values stored in cookies. As ASP doesn't have separation of layers, so there is no problem for that application.

I am not clear how should we go with this cookies in Java world. From business point of view cookies are manadatory in new application also.
I have following questions

- Where should I write a logic to create a cookie?
- How should I access a cookie value in business layer?
- How should I update the cookie value from business logic layer?

Please let me know your comments.

Thanks in advance!


Regards,
 
g madhava
Ranch Hand
Posts: 85
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Cookies most likey were used in your previous ASP application in order to manage the session attributes.

However in the Java-world, you can directly work with the HttpSession API that takes care of the session management. The HTTP Session API is more sophisticated, and you should take a look at it.
 
Dhananjay Inamdar
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Madhava,

Thanks for the reply!

I am agree with the term that in J2EE I can use HTTPSession attributes as a replacement of Cookies. But as I mentioned in my question it is still mandatory for us to create cookies. The reason behind this is we are converting this big ASP application in J2EE module-by-module and till we convert last ASP module we have to host ASP and J2EE sites side by side.

Now login page will be in a J2EE and after login process we do need to create required cookies for ASP application. Parallely after login we will create HTTPSession attributes required in J2EE app.

My confusion is how and where to create/read the cookies in JSF-Spring aaplication.

Please reply !

Thanks,
[ May 25, 2006: Message edited by: Dhananjay Inamdar ]
 
Tim Holloway
Bartender
Posts: 18704
71
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, based on the requirements, I'd probably try to write a servlet filter that intercepted the cookies and stuffed them into session objects before the JSF code got called and did the opposite on the outbound response. That would allow you to develop transparently.

Cooikies are a very bad place to hold sensitive data, because they're easily hacked by people outside the system. I only use them for non-critical data that I want to persist on the user's computer instead of wasting space on the server. You'll be better off when you're rid of them.
 
Dhananjay Inamdar
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Tim,

Thanks for a great reply!

I was thinking on your suggested approach, of introducing one more filter to handle cookie's transformation to session variables and vice versa.

Application behaviour is like as follows
- ASP application is heavily depends on cookies and client now don't want to invest money in ASP changes, to remove cookie dependency
- Login page will be in J2EE, so its J2EE application's responsibility to create cross domain cookies required by ASP application
- ASP application will assume that cookies are there and will cotinue working as current
- One of the use of cookie in ASP application is to rebuuild a user session on different server if primary server is going down because of any reason

Consifering all the above mentioned points we need to support cookies in JSF also.

Please let me know your comments.

Thanks
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!