What is the practical utility of the setDomain() method in the Cookie class?
Now, I also twice gave servlet and JSP training courses in Japan. Suppose that I therefore went to http://japan.sometravelsite.com/. When I did so, I wouldn't be automatically recognized, since the default behavior of browsers is to return cookies only to the exact same hostname that they got them from. But, assuming that the developers at sometravelsite.com wanted this type of access to work across the subdomains, they could each do theCookie.setDomain(".sometravelsite.com").
Does it not present a security concern, where I can overwrite cookies stored by servers in other domains?
Well, the browser will reject requests to set the domain if the server is not part of that domain. So, for example, a site at oracle.com couldn't setDomain to sybase.com. Also, browsers will disallow ".com" and similar things as the domain. Still, it is possible for japan.sometravelsite.com to arrange it so that a visitor there sends unexpected cookies to australia.sometravelsite.com.
Note, however, that this is nothing to do with servlets and JSP. This is simply how cookies already work. The setDomain method merely sends the standard option that browsers already support.
So, only the code that actually wrote the cookie knows those details about the cookies and hence can manipulate them further via deleting cookies and all...
This also means that if we want to delete a cookie then we have to know "all" parameters with which it was set and re-add the cookie with expire time in the past, which will instruct the browser to delete the cookie... in essence nobody else can delete a cookie just like that... Nor can anybody read the whole cookie just like that!!
This also means that if we want to delete a cookie then we have to know "all" parameters with which it was set
I thought just setMaxAge(0) would suffice to delete a cookie, contained in cookie array returned by the client's browser.
[ November 12, 2003: Message edited by: Mohan Panigrahi ]
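The browser-side rules discussed in this thread, as an added example that is not part of any poster's message: a simplified Java model of a cookie store keyed by name, domain and path. The class `CookieJarDemo`, its methods and the no-dot stand-in for the public-suffix check are assumptions made for illustration; this is neither the servlet API nor a real browser.

```java
import java.util.*;

// Simplified model of a browser cookie store (added example; hypothetical class, not the servlet API).
public class CookieJarDemo {
    // Cookies are stored under name + domain + path, following RFC 6265.
    private final Map<String, String> jar = new LinkedHashMap<>();

    // RFC 6265 domain-match: the host equals the domain or is a subdomain of it.
    static boolean domainMatches(String host, String domain) {
        return host.equals(domain) || host.endsWith("." + domain);
    }

    // Applies a Set-Cookie received from `host`. domain == null means a host-only cookie;
    // maxAge == 0 requests deletion. Returns false when the header has no effect.
    boolean setCookie(String host, String name, String value, String domain, String path, int maxAge) {
        String d = (domain == null) ? host.toLowerCase() : domain.replaceFirst("^\\.", "").toLowerCase();
        // Stand-in for the public-suffix check (assumption: no dot means a bare TLD such as ".com").
        if (!d.contains(".") || !domainMatches(host.toLowerCase(), d)) return false;
        String key = name + ";" + d + ";" + path;
        if (maxAge == 0) return jar.remove(key) != null; // only an exact name/domain/path match is removed
        jar.put(key, value);
        return true;
    }

    public static void main(String[] args) {
        CookieJarDemo browser = new CookieJarDemo();
        String japan = "japan.sometravelsite.com"; // hostname from the thread
        // A subdomain widening its cookie to the parent domain.
        System.out.println("japan sets Domain=.sometravelsite.com: "
                + browser.setCookie(japan, "user", "u1", ".sometravelsite.com", "/", 3600));
        // The thread's example: oracle.com asking for sybase.com.
        System.out.println("oracle.com sets Domain=sybase.com: "
                + browser.setCookie("oracle.com", "user", "x", "sybase.com", "/", 3600));
        // A bare TLD as the domain.
        System.out.println("japan sets Domain=.com: "
                + browser.setCookie(japan, "user", "x", ".com", "/", 3600));
        // Deletion attempt that omits the domain the cookie was set with.
        System.out.println("delete without domain: "
                + browser.setCookie(japan, "user", "", null, "/", 0));
        // Deletion attempt that repeats the original domain and path.
        System.out.println("delete with matching domain and path: "
                + browser.setCookie(japan, "user", "", ".sometravelsite.com", "/", 0));
    }
}
```

The browser sends back only name and value in the Cookie header, so a `Cookie` taken from `request.getCookies()` has no domain or path set on it; the fourth call models re-adding such a cookie with `setMaxAge(0)`.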