Servlets-4b cookie question

Okay,

I've done some coding with cookies but without much luck.

So I did some research on jsp and cookies. I've concluded that the addCookie() method belongs on a jsp page and not in the VideoServlet application.

Is this the correct approach?

[I'll be away until Monday so be aware that I am ignoring any replies.]

I don't think so. I think all of the logic should go in the servlet. The jsp is for displaying a page only. But I, too, have had a real hard time with this cookie thing. Most of the material I read seems to assume some kind of prior knowledge, and I don't quite get the whole picture.
Cookies seem to be connected to Sessions, yet in my work on this assignment I haven't created a Session yet, but I was able to use Cookies. Of course my app doesn't work properly yet, but I find it all rather confusing. Anybody else out there confused by cookies?

Thanks Carol,

I went back to my VideoServlet code. After several experiments I was able to get a list of cookies to display in the Command screen. That was exciting. However, I cannot not figure out where these cookies are stored.

I even cleared the cookies from the IE browser then attempted to go back to http://localhost/videos/servlet/VideoServlet. The Command screen displayed a nullpointer exception, which is a good thing. It means the cookies were deleted. Usually I can locate a folder on my system that lists all the cookies. This does not occur when using orion.

Do you know where tha cookies are stored?

Thanks,

Mark

Hi all, especially Carol,

Have not bothered to find where the cookies are being stored.

I have managed to get a working 'secured' application.

A user, or a hacker, is prevented from accessing the following URLs:

http://localhost/videos/servlet/VideoServlet?action=addvideo
http://localhost/videos/servlet/VideoServlet/addvideos.jsp
http://localhost/videos/servlet/VideoServlet/listvideos.jsp

In all cases these urls return to:

http://localhost/videos/servlet/VideoServlet/

The above urls are accessible when cookie "favorite_cheese' has the value "extra stinky bloo cheese". The VideoServlet.java code checks the cookie each time a page is accessed.

When the Log out button is clicked, the 'cheese' cookie is set to a different value, thus preventing the other pages from being displayed. This required a lot of experimentation before I got it to work.

Much to my puzzlement is that the cheese cookie disappears when I close and restart the browser. Mind you, this is convenient for this assignment.

There is a relationship between cookies and sessions. So far, however, my code does not make any use of Session IDs except that I see them listed as one of the cookies.

I'm confused, Mark. You cleared the cookies from IE and they were gone from Opera?

You don't need to know where the cookies are stored to use them. Different browsers store them in different places.

Perhaps you have your browser set to delete cookies when you close that browser?

Cookies do not rely on sessions (except the session cookie that the jsp creates that you noticed, which we're not interested in). Cookies can be set to persist for years, regardless of how many sessions are open or closed (unless the browser is set to delete them). For example, when I come to JavaRanch saloon using my home computer, I don't have to login each time because the cookie is set to remember me. Not only do I close and reopen my browser, but I turn off my computer and restart it. The cookie remains. When I'm using a public computer, I have to remember to log out when I'm done. However, the first time I use a different browser on the same computer I have to login again, because the cookie is browser specific.

Hi all,

Re: Clearing cookies. Disregard my comments about clearing cookies. I was using IE and still have not figured our what is going on with this browser. Let's just blame Microsoft.

Use Firefox. I can see the cookies I created by going to Tools > Options > Privacy > View Cookies. Much to my delight my cookies show up.

Firefox is such a nice browser

Mark

Originally posted by Mark Beattie:



A user, or a hacker, is prevented from accessing the following URLs:

http://localhost/videos/servlet/VideoServlet?action=addvideo
http://localhost/videos/servlet/VideoServlet/addvideos.jsp
http://localhost/videos/servlet/VideoServlet/listvideos.jsp

In all cases these urls return to:

http://localhost/videos/servlet/VideoServlet/

The above urls are accessible when cookie "favorite_cheese' has the value "extra stinky bloo cheese". The VideoServlet.java code checks the cookie each time a page is accessed.

When the Log out button is clicked, the 'cheese' cookie is set to a different value, thus preventing the other pages from being displayed. This required a lot of experimentation before I got it to work.

Much to my puzzlement is that the cheese cookie disappears when I close and restart the browser. Mind you, this is convenient for this assignment.

I'm pretty sure my code does the same thing. My version sets the cookie value to "allowed" if the password is correct, and changes the value to "not allowed" when the log out button is clicked. However, unlike your app, when my browser closes the cookie doesn't dissappear.
I haven't had a lot of time to spend on the drive right now due to a couple of other projects I've got going, but I'd be interested to know what the nitpicker says about your code, if that's okay. I'd like to compare it with what my nitpick said. Keep up the good work!