• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

A newbie questions about cookie

 
Ranch Hand
Posts: 77
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, I've made a very simple servlet/jsp to study how cookies work. During my test I saw a behaviour that I don't understand. In my index.jsp there is the following code to show all the saved cookie in my browser:


If a clean all the cookies in the browser and after start my application, that page doesn't show any cookie not even the JSESSIONID cookie. But if I open the Chrome settings, I can see that cookie. After reloading page I can see correctly that cookie.
In the same way, if I write some code in the servlet to add a simple test cookie, it's correctly sent to the browser but it's not showed in the table. To do that I have to reload page:

I think I'm missing something about how the the things work...
Could someone be so patience (...and excuse my bad English...) and explain me why this happens? Thank you for the attention
 
Bartender
Posts: 2856
10
Firefox Browser Fedora Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Emanuele Mazzante wrote:If a clean all the cookies in the browser and after start my application, that page doesn't show any cookie not even the JSESSIONID cookie.


When you first go to the JSP in your browser, there is no cookie created yet for the ${cookie} because the client has not yet sent any cookies to the server and ${cookie} will be evaluated at the server.
The cookies are created on the browser and that is why you can see them using browser tools.
On the form submit or page reload, cookies already created are sent to the server which are reflected in the variable.
To put everything in a dialogue, possible conversation would be as follows.

Client: Hey server, nice place, may I come in?
Server: Sure, welcome. Been here before recently?
Client: Nope, was not here before.
Server: Here is your visitor pass (with some rough details). I call it a cookie which helps me know something about you in your future visit.
Client: Cool then, I will have it with me, bye for now.
<Some unknown time passes>
Client: Hey server, I am back, recognize me?
Server: You have the cookie on you?
Client: Oh yes yes, here.
Server: Ah I see your pass is still valid and you visited some random time ago. Good to have to back.
blah blah blah..



Your knowing about cookies and how they work is probably correct with only addition of when the server sees the cookie from client.
 
Amit Ghorpade
Bartender
Posts: 2856
10
Firefox Browser Fedora Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Emanuele Mazzante wrote:Could someone be so patience (...and excuse my bad English...) and explain me why this happens?


In my opinion, Coderanch takes pride in helping folks who want to know and learn, providing appropriate solutions and in a friendly manner.
 
Emanuele Mazzante
Ranch Hand
Posts: 77
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
First of all, many thanks for your kind reply.

Amit Ghorpade wrote:
When you first go to the JSP in your browser, there is no cookie created yet for the ${cookie} because the client has not yet sent any cookies to the server and ${cookie} will be evaluated at the server.
The cookies are created on the browser and that is why you can see them using browser tools.
On the form submit or page reload, cookies already created are sent to the server which are reflected in the variable.
To put everything in a dialogue, possible conversation would be as follows.


Maybe I misunderstood what is written in my book (Murach's Java Servlets & JSP): at first the browser requests a JSP or servelt. The servlet engine creates a session object and assigns ad ID for the session then the server returns the requested page and the ID for the session (which I suppose it's a cookie...). Reading that I thought that the server returns to the client the index.jsp along with JSESSIONID cookie so the the browser can render the page and elaborate the cookie.

Amit Ghorpade wrote:In my opinion, Coderanch takes pride in helping folks who want to know and learn, providing appropriate solutions and in a friendly manner.


In my opinion, Coderanch is a forum with the most kindly people (like you...) I have ever seen. It's not so easy to meet someone that take care of such a simply newbie question. Thank you again for the explanation.
 
Saloon Keeper
Posts: 27763
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Amit Ghorpade wrote:
When you first go to the JSP in your browser, there is no cookie created yet for the ${cookie} because the client has not yet sent any cookies to the server and ${cookie} will be evaluated at the server.
The cookies are created on the browser and that is why you can see them using browser tools.



Actually, you've got that backwards. No cookies at all exist when you first direct a browser to a website. How, after all, is the client going to know beforehand what cookies are going to be used? It's not like there's a universal standard. Even common ones like jsessionid are specific to the platform (and usage) of the server that you haven't (yet) contacted - and therefore don't (yet, if ever) know what platform it's running.

The neat thing about Java when it comes to HTTP is that Java's standard Http connection object automatically handles cookies, once cookies are in play. You don't have to manually inject them into each request, as the connection object makes sure that they get picked up from HTTP server responses and that subsequent client requests made via that class object automatically send them back again.

The server constructs cookies. Some cookies (such as jsessionid) are constructed by the server itself. Some are constructed by the web application program. They are all sent as part of the HTTP Response stream to the client (as part of the headers). The client then caches them and sends them back on the next and subsequent Request(s) - if any. Subject to the constraint that cookies come with an expiration date/time and once that expiration time has passed, the client destroys its copy of the cookie and no longer transmits it.

The jsessionid cookie is an interesting one, since it gets repeatedly passed from server to client to server over and over again. It anchor's the user's identity so that multiple users can work with a webapp without anything getting routed to the wrong user. As I said, that particular cookie is created by the web application server, and applications (whether client-side or server-side) meddle with it directly at their peril, since its contents can change without notice. As long as you leave it alone and let the client and server default cookie mechanisms deal with it, you're OK.
 
Emanuele Mazzante
Ranch Hand
Posts: 77
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank for your kindly attention.

Tim Holloway wrote:The server constructs cookies. Some cookies (such as jsessionid) are constructed by the server itself. Some are constructed by the web application program. They are all sent as part of the HTTP Response stream to the client (as part of the headers). The client then caches them and sends them back on the next and subsequent Request(s) - if any. Subject to the constraint that cookies come with an expiration date/time and once that expiration time has passed, the client destroys its copy of the cookie and no longer transmits it.


To better explain what was my idea about how the cookies work, I write the steps I thought they occurred when a client requests a web page:

1- the browser client contacts the web server for the first time
2- the web server creates a jsessionid cookie, put it into the response object and returns the requested page (index.page) along with response object
3- the client catches the jsessionid cookie, stores it and then starts to render the page sended by the server
4- the jstl code into the index page reads the cookie in the browser client and show them in a table

Please forgive me if I wrote a big stupid thing...
Thank you again
 
Amit Ghorpade
Bartender
Posts: 2856
10
Firefox Browser Fedora Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tim Holloway wrote:Actually, you've got that backwards. No cookies at all exist when you first direct a browser to a website. How, after all, is the client going to know beforehand what cookies are going to be used? It's not like there's a universal standard.


I was trying to say the same thing, maybe my construction was poor. The intent was to clarify the fact that ${cookie} is a server side thing and only comes into play when server receives some cookies from the request.
If there are no cookies (first request) then there is nothing to show.
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The cookies are created in the browser when the response gets to the browser. A JSP is executed on the server in order to format the response. So your JSP can't know anything about any cookies created in the same request, because nothing has been sent to the browser yet.

Please see this article to understand how JSP works..
 
Emanuele Mazzante
Ranch Hand
Posts: 77
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Amit Ghorpade wrote:I was trying to say the same thing, maybe my construction was poor. The intent was to clarify the fact that ${cookie} is a server side thing and only comes into play when server receives some cookies from the request.


Your construction was good...my English and my servlet knowledge are very poor! Thank you again.

Bear Bibeault wrote:The cookies are created in the browser when the response gets to the browser. A JSP is executed on the server in order to format the response.


I've missed something and, according to me, my study book is not so clear about this fact. I hope to clarify with that article. Thank you so much.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic