Creation of Cookie in Servlet

 
Manish Sahni
Hi all,


I am creating a Cookie inside a servlet based on the user info, i.e. user name and password.
However, I am storing the cookie information inside a text file instead of the database.

So, when the user tries to hit the URL again, I basically check for the cookie name, and if that cookie is already present then the user is not shown the login page again and is signed in without filling in the user info again.

My question is:

1) Is that the correct approach for achieving this functionality?
2) When should I delete the cookies inside the text file?
 
William Brogden
Let's use the right nomenclature.

Cookie refers to information sent between server and browser and back in Headers. Here is the IETF standard you should become familiar with.

It is up to you, the designer, to decide how to use/store/delete that information. A text file would become increasingly cumbersome as the number of users increases.

Note that the client's browser will delete the Cookie according to:
1. cookie lifetime rules
2. arbitrary cookie deletion by the user or such things as antivirus software

Bill
 
Manish Sahni
Hi William,

Thanks for your suggestion.

However, if I will store some cookie value inside the text file and maybe run some scheduler for deleting that cookie value after a certain period of time (though it would be an increase in the overhead) was what I was thinking!!!

Actually, to attain the Single Sign in functionality, what would be a better approach?

Thanks and Regards



 
amit punekar
Hi,

> However, if I will store some cookie value inside the text file and maybe run some scheduler for deleting that cookie value after a certain period of time (though it would be an increase in the overhead) was what I was thinking!!!

You cannot do that with cookies. Cookies are deployed in the client browser and you cannot go and schedule a job to delete the cookie on n number of browser clients. When you set cookies you can set the lifetime of the cookie and the browser will take care of this.

Moreover you need to come up with an approach how you plan to store username and password (if that is what you have decided) in a cookie. It should not be plain text as it would be dangerous.

Regards,
Amit
 
William Brogden
> However, if I will store some cookie value inside the text file and maybe run some scheduler for deleting that cookie value after a certain period of time (though it would be an increase in the overhead) was what I was thinking!!!


I think you are still missing the point. Any value(s) you store on the server are NOT cookie values - they are values which may or may not match what your clients send in the next request, as amit and I were trying to point out.

You should not be trying to reinvent user id security, unless it is just a learning exercise.

Bill
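
What the replies above describe, as an added example that is not part of the original thread: the cookie carries only a random token (never the user name or password), the server keeps its own record of that token with an expiry, and each request's cookie value is checked against that record. The class name, cookie name, in-memory map and 14-day lifetime are assumptions; it needs Java 16+ and the javax.servlet API (3.0 or later) on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.Cookie;

/** Added example: server-side record of "remember me" tokens (hypothetical class). */
public class RememberMeTokens {
    static final String COOKIE_NAME = "remember_me";     // hypothetical cookie name
    static final int LIFETIME_SECONDS = 14 * 24 * 3600;  // assumed lifetime: 14 days

    private record Entry(String user, Instant expires) {}
    // Keyed by a hash of the token, so a leaked store does not yield usable cookie values.
    private final Map<String, Entry> byTokenHash = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    /** Call after a successful password login; returns the cookie to add to the response. */
    public Cookie issue(String user) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byTokenHash.put(sha256(token), new Entry(user, Instant.now().plusSeconds(LIFETIME_SECONDS)));
        Cookie c = new Cookie(COOKIE_NAME, token);
        c.setMaxAge(LIFETIME_SECONDS); // the browser discards the cookie after this
        c.setHttpOnly(true);           // not readable from page scripts
        c.setSecure(true);             // sent over HTTPS only
        c.setPath("/");
        return c;
    }

    /** Returns the user for a presented cookie value, or null if unknown or expired. */
    public String verify(String presented) {
        if (presented == null) return null;
        String key = sha256(presented);
        Entry e = byTokenHash.get(key);
        if (e == null) return null;
        if (Instant.now().isAfter(e.expires())) { byTokenHash.remove(key); return null; }
        return e.user();
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
    }
}
```

In a servlet, the login handler would call `response.addCookie(tokens.issue(user))`, and later requests would pass the value of the matching entry from `request.getCookies()` to `verify`. The server-side expiry check covers the case where the browser still sends a cookie the server no longer accepts.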
 