Creation of Cookie in Servlet

 
Ranch Hand
Posts: 41
Hi all,


I am creating a Cookie inside a servlet based on the user info, i.e. user name and password.
However, I am storing the cookie information inside a text file instead of the database.

So, when the user tries to hit the URL again, I basically check for the cookie name, and if that cookie is already present then the user is not shown the login page again and is signed in without filling in the user info again.

My questions are:

1) Is that the correct approach for achieving this functionality?
2) When should I delete the cookies inside the text file?
 
Author and all-around good cowpoke
Posts: 13078
Let's use the right nomenclature.

Cookie refers to information sent between server and browser and back in Headers. Here is the IETF standard you should become familiar with.

It is up to you, the designer, to decide how to use/store/delete that information. A text file would become increasingly cumbersome as the number of users increases.

Note that the client's browser will delete the Cookie according to:
1. cookie lifetime rules
2. arbitrary cookie deletion by the user or such things as antivirus software

Bill
 
Manish Sahni
Ranch Hand
Posts: 41
Hi William,

Thanks for your suggestion.

However, storing some cookie value inside the text file and maybe running some scheduler to delete that cookie value after a certain period of time (though it would increase the overhead) was what I was thinking!

Actually, to attain the single sign-in functionality, what would be a better approach?

Thanks and Regards



 
Ranch Hand
Posts: 544
Hi,

However, storing some cookie value inside the text file and maybe running some scheduler to delete that cookie value after a certain period of time (though it would increase the overhead) was what I was thinking!

You cannot do that with cookies. Cookies are deployed in the client browser and you cannot go and schedule a job to delete the cookie on n number of browser clients. When you set cookies you can set the lifetime of the cookie and the browser will take care of this.

Moreover, you need to come up with an approach for how you plan to store username and password (if that is what you have decided) in a cookie. It should not be plain text as it would be dangerous.

Regards,
Amit
 
William Brogden
Author and all-around good cowpoke
Posts: 13078

However, storing some cookie value inside the text file and maybe running some scheduler to delete that cookie value after a certain period of time (though it would increase the overhead) was what I was thinking!

I think you are still missing the point. Any value(s) you store on the server are NOT cookie values - they are values which may or may not match what your clients send in the next request, as Amit and I were trying to point out.

You should not be trying to reinvent user id security, unless it is just a learning exercise.

Bill
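
The split discussed in this thread, as an added example that is not code from any poster: the cookie carries only a random token with a browser-side lifetime, while the server keeps a hashed record with its own expiry and matches incoming cookies against it. The class name `RememberMe`, the cookie name and the 14-day lifetime are assumptions, as are Java 16+ and the `javax.servlet` 3.0+ API.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.*;

// Added example (hypothetical helper); assumes Java 16+ and the Servlet 3.0+ API.
public class RememberMe {
    static final String COOKIE_NAME = "remember";       // hypothetical cookie name
    static final int LIFETIME_SECONDS = 14 * 24 * 3600; // constructed value: 14 days
    private record Entry(String user, Instant expires) {}
    // Server-side records keyed by SHA-256(token); stands in for a file or database table.
    private final Map<String, Entry> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    /** Call after a successful password check; the cookie carries only a random token. */
    public void issue(String user, HttpServletResponse resp) throws GeneralSecurityException {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(hash(token), new Entry(user, Instant.now().plusSeconds(LIFETIME_SECONDS)));
        Cookie c = new Cookie(COOKIE_NAME, token);
        c.setMaxAge(LIFETIME_SECONDS); // browser discards its copy after this
        c.setHttpOnly(true);           // not readable from page script
        c.setSecure(true);             // only sent over HTTPS
        c.setPath("/");
        resp.addCookie(c);
    }

    /** Returns the user for a known, unexpired token, or null when the login page must be shown. */
    public String resolve(HttpServletRequest req) throws GeneralSecurityException {
        Cookie[] cookies = req.getCookies(); // null when the request carries no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (!COOKIE_NAME.equals(c.getName())) continue;
            Entry e = store.get(hash(c.getValue()));
            return (e != null && Instant.now().isBefore(e.expires())) ? e.user() : null;
        }
        return null;
    }

    /** Server-side cleanup for a scheduled job; it removes expired records, not browser cookies. */
    public void purgeExpired() { store.values().removeIf(e -> Instant.now().isAfter(e.expires())); }

    private static String hash(String token) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }
}
```

A servlet would call `resolve` before deciding whether to show the login form and `issue` only after the password has been verified.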
 