Cookies

Is it possible to find out from a servlet whether the browser at the client end support Cookies.
For eg many web sites inform that to access their page Cookies have to be supported. If Cookies are not supported then the site exits saying Cookies are not supported.

yes, all you have to do is
Cookie[] cookies; cookies = request.getCookies(); if (cookies != null) { ...
if they accept cookies, it wont be null.
------------------
Dont blindly believe everything I say.

Originally posted by Bharatesh H Kakamari:
Is it possible to find out from a servlet whether the browser at the client end support Cookies.
For eg many web sites inform that to access their page Cookies have to be supported. If Cookies are not supported then the site exits saying Cookies are not supported.

you can check whether browser is support cookies using method getCookies()
example:
Cookie cookies[] = request.getCookies();
if (cookies != null) {
for (int i=0; i < cookies.length; i++) {
cookie = cookies[i];
if (cookie.getName() != null &&
cookie.getValue() != null &&
cookie.getName().equals(name)) {
value = cookie.getValue();
break;
}

If the browser does not support cookies, or if cookies are disabled, you can still enable session tracking using URL rewriting. URL rewriting essentially includes the session ID within the link itself as a name/value pair. However, for this to be effective, you need to append the session ID for each and every link that is part of your servlet response.

------------------

Wouldn't the getCookies() method also return null if the person had just cleaned out their cookies file? It wouldn't happen very often, but it's something to consider.

"kumard",
The Java Ranch has thousands of visitors every week, many with surprisingly similar names. To avoid confusion we have a naming convention, described at http://www.javaranch.com/name.jsp . We require names to have at least two words, separated by a space, and strongly recommend that you use your full real name. Posts which contravene the naming convention are not eligible to win books! Please choose a new name which meets the requirements.

Thanks.

You can use Url re-writing & cookies Both in the code if the rowser doesnot support cookies then it will follow URL re-writing.
Regards
Bidyut

What will happen if the browser doesn't support cookies and when we use addCookie() method?

You can use Url re-writing & cookies Both in the code if the rowser doesnot support cookies then it will follow URL re-writing.
Regards
Bidyut

A reliable way to find out if a browser accepts cookies or not is, a checkServlet should drop a cookie purposly and try to get back the same cookie.
The getCookies() will return null for the following cases.
1. The browser itself may not support cookies
2. The browser may support but the user could have disabled the feature
3. The browser may support and the user also enabled the feature but there are no cookies set at user's machine
So we can't say what's the real reason. So a better approach could be, we send a cookie ourself and try to get it back.
regds
maha anna

maha is correct of course. getCookies() wouldnt take into account the slim chance that cookies are enabled but the person just deleted them all. So sending and retrieving one is better. Just a bit more coding. Oftentimes you will probably want to send them one anyway.

if cookies are disabled this means that the session object is not available to us is this correct ? we can't use it right ? now this is just a qquestion let's say cookies are working and i am using session to store some object temporarily in it for later use , where would i store it if the session object is not available to me ? do i serialize it and store it in a file later ? how would one handle this ?
------------------
Val SCJP
going for SCJD

Thanks all for the detailed explanation related to Cookies. Maha Anna is one of the persons without whose contributions to this site I would not have completed my SCJP2 41 mock exams are a journey to SCJP2.

val,
In servlets session management is done like this.
For a web application there is a master session hashtable.
Master sessions Hashtable
-------------------------
Key value
---------------
ssnId1 ref_to_another_Hashtable_obj (assume it is HT1) // got from request.getSession("true")
ssnId2 ref_to_another_Hashtable_obj (HT2) //same as above
ssnId3 ref_to_another_Hashtable_obj (HT3)

HT1
---
Key value
-------------------
"fname" "val" // upd from session.setAttribute("fname","val")
"lname" "dra" // upd from session.setAttribute("lname","dra")
Basically how session management is done is , when the appln creates a new session for each user, the session object's ref (in other words sessionId) is kept in a master sessions table AND sent to browser when some data is sent to browser.
The sessionId has to be returned back to servlet from the browser when next time another request comes from the same user in order to keep track of the same user. So somehow we have to store the sessionId at user. It is done in one of 2 ways.
1. steal a very small chunk of user's hard disk and save it as cookie
2. Or append the sessionId purposly with each link from the pages of your appln which are all makes a request to web appln. It is called URL-rewriting.
Coming back to your question,
Cookies disabled does mean the session is lost if and only if our session management is done using only cookies.
If we follow the routine work of url-rewriting, then we can still make the sessions alive though the cookies can't be accepted at the browser.There are methods available as response.encodeUrl / response.encodeRedirectUrl etc to append the sessionIds to links.
I try to cut and paste some related code from one of web applns when i followed this approach soon.
regds
maha anna

thanks, it's just that in asp if the cookies are disabled the use of session is useless because you can't keep track of the user using session then but like you said there was an option of urlrewriting.It's improovement i see in jsp over asp.

Originally posted by Frank Carver:
"kumard",
The Java Ranch has thousands of visitors every week, many with surprisingly similar names. To avoid confusion we have a naming convention, described at http://www.javaranch.com/name.jsp . We require names to have at least two words, separated by a space, and strongly recommend that you use your full real name. Posts which contravene the naming convention are not eligible to win books! Please choose a new name which meets the requirements.

Thanks.

Frank, why do you guys allow a user to register with one word in the first place?

The software that JavaRanch is built on is UBB. It does not do any edits on what the user ID can be. If Paul tries to hack into the base software (which is NOT java) then each time he upgrades he has to re-work the hacks.
He is currently saving up for an upgrade to UBB6. So any ideas for hacks are not well timed even if he chose to try them.