I have found a strange behaviour (strange for me, a novice :D) in my project.
Basicly after an action I create or update a cookie (if it exists or not) and send it to the client. The strange thing is that in the jsp I can read the cookie ONLY when I update its value (and I get the updated value, not the old one) but not the first time, when I create it (I can see the cookie using a browser tool but seems that the jsp can't read it).
Is this a normal behaviour? If yes, what do you suggest to do in order to have the cookie information available also at the first time?
Thanks very much!
Roberto
If you create or update a cookie, it will be stored in the response header. If you request a cookie, it will be requested from the request header.
I think your problem is that you're forwarding the same request from servlet to JSP and that you expect that the new cookie is already available in the request header. This is not true. The new cookie is only available in the subsequent requests.
You have 2 options:
Redirect to JSP. A redirect will create a new request.
Store the data of interest as request attribute and let EL in JSP access it.
By the way, I saw in one of your comments that you're using plain Java code to read cookies in a JSP. I would only say that using scriptlets in JSP is a bad practice. You can access cookie values easily in EL as follows:
${cookie.cookiename.value}
[Edit] oh my, now I see that this is an old topic. Hopefully my effors weren't all for nothing :/
Cookies are stored on client, and so if the response doesn't gets to the client yet, its value is not updated, but it should be available on the next requests.
cookies are used to identify clients when they send you any requests. here's what you are doing when you set the cookie up. you are sending the cookie to the client along with response. And when that client send his next request the cookie that you set comes along with it. so, in the jsp page where you are setting up the cookie, you don't have a request from the client with cookie! so you can't read it. but what you can do like what jerjer has said above. (i.e use a temp and store cookie's value in it and don't try to retrieve cookie. just read the temp value). And i see you say you can read the cookie only when you update. You will be able to read cookie's value from future reqests after cookie is set even if you don't update it. Hope this helps.
Related
I've browsed a bunch of questions that are similar to mine, but none of the solutions I have tried seem to work.
I have a Jersey2.0 REST service that adds a cookie to the response and returns it to an Angularjs front end application. I already have the setup done correctly (Access-Control-Allow-Credentials=true, no wildcard in Access-Control-Allow-Origin, etc..).
I do it by adding a "SET-COOKIE" header on the response like so:
MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.add("SET-COOKIE", new NewCookie(cookieName, cookieValue);
This works, and I can see the cookie being returned in the response of that particular REST service call to that particular REST endpoint. What I mean is, on the Chrome developer console under the Network tab, I can click on the request that is supposed to return the cookie, and in both the 'Cookies' and 'Headers' tabs, I can see the cookie being returned in the response. In fact, when I make another request to the endpoint, that same cookie is now sent in the request and I can capture it on the Jersey server.
Great. The issue is that the cookie is not showing up on the 'Resources' tab. If I click on the 'Resources' tab, then along the left select the 'Cookies' dropdown and then select localhost, the cookie I'm trying to send in the response is not there. I'm assuming this is also why when I try to get the cookie in my AngularJs application via $cookies.get('cookieId'); using ngCookies, I get undefined.
Also, just in case someone mentions it in an answer/comments, I'm pretty sure the problem here is not HttpOnly. My JSESSIONID cookie gets returned, and I can see it in the 'Resources' tab with the Http field checked indicating HttpOnly.
I thought maybe because I'm in a corporate environment, they don't let me add cookies, but I'm able to do this on the Angular front end via $Cookies.put('cookieId', 'cookieValue'); and it shows on the 'Resources' tab just fine.
Any help as to why my cookies are not being added from the server?
After digging through a few more stackoverflow questions relating to my original one, I found out through this stackoverflow question that cookies that are created on one domain cannot be accessed on another domain using Javascript.
I will have to come up with a workaround for this, but my original question has been answered so marking this as answered.
For your case it is easy to solve if you just set the path of the cookie,
e.g.
Cookie myCookie = new Cookie("Name_of_cookie", "String_value_of_cookie")
myCookie.setPath("/the domain Js is using ")
Or just leave it as / for the main domain that most probably Js is deployed.
I have a small confusion about Cookies, whenever the user is logging in we create cookies and adding to the response header.
Cookie cookie = new Cookie("sessionId", "232hghjghghgh"); // http cookie.
cookie.setVersion(1);
cookie.setPath("/");
cookie.setMaxAge(1000);
response.addCookie(cookie);
I think the above will be setting into the browser cache and we can get it from the browser cookies.
In our GWT module we already have an existing implementation like
Cookies.getCookie("sessionId"); // Cookies are from GWT
We are able to get the cookie using above line without using anywhere Cookies.setCookie() method.
Is that because of above line response.addCookie(cookie).
Could any body tell me, is my assumption correct?
Yes. Your first example is using a javax.servlet.http.Cookie, and this happens on the server side. The latter is purely GWT (i.e. client side) and returns java.lang.String (i.e. the String value of the cookie). But of course both are conceptually the same and setting one on the server will make the other show up on the client.
Actually i want to use the textbox value and set the session parameter in the same JSP page without submitting it or like using request or response object. This textbox value i want to use in the same JSP page for further use. How can i access the value of a text box in the same page?
You could either utilize the new HTML5 local storage (only supported in the more recent/modern browsers), or you could create a session cookie in JavaScript and store the value in there.
Note that none of those approaches will affect the server side HttpSession in any way. For that you simply can't go around sending a HTTP request containing the desired information, as that's the only way to send information from the client to server side. You could however consider using ajax to send the HTTP request asynchronously and fully transparently in the background.
I'm posting some strings in my Session with the call
request.getSession().setAttribute(key, value);
And making the redirect with
response.sendRedirect(urlRedirect);
In almost all cases the values is there after the redirect.
But sometimes I can only read this value in the next page view, not in the redirect. There is no common behavior.
Someone has faced the same problem?
Sessions are backed by a HTTP cookie. On first-time session creation, a cookie will be set in the response header. By default, cookies are bound to a specific context only.
So, if you redirect while the cookie hasn't been set yet, the session will get lost. To go around this, you need to encode the redirect URL.
response.sendRedirect(response.encodeRedirectURL(url));
This appends the jsessionid identifier to the URL which allows the servletcontainer to locate the right session without help of a cookie.
If you don't like the jsessionid thing, then consider implementing a filter like this which ensures that the client is aware of the session cookie before the request enters your controller wherein you fire the redirect.
Also, if you redirect to a different context, it won't be able to access the same session. To go around this, you need to configure the servletcontainer to share the session among the contexts. In for example Tomcat, check the emptySessionPath attribute of the <Connector> element in /conf/server.xml.
Such a behaviour can be caused by caching.
If the page you are redirecting to is retrieved from the browser cache, you obviously can't see the result of setAttribute() on it. So make sure it's actually requested by the browser.
Are you sure you need to do redirect through browser (response.sendRedirect()) and not on the server side (RequestDispatcher.forward())? Latter is faster as there are no network round trip.
The problem was solve by changing the way of submit.
The page was submitting the data only changing the value of location.href to the Servlet Action.
We only call the submit function from the page form, and the session attributes works fine!
I wants to know that How can i Manage Session if the client browser has disabled cookie feature..
If I wants to implement it in simple JSP - Servlet, then how can I do that ?
Thanks in advance...
Without cookies, you have two options. The first is passing a sessionId through Urls. This requires a lot of work on the server because every url you send back must have a sessionId appended to it (usually in the form of a query string parameter). For example:
/path/to/page
becomes
/path/to/page?sessionid=ASDFG-ASDFG-ASDFG-ASDFG-ASDFG
The other option you have would be to combine what information you have via http into a "unique" key and create your own session bucket. By combining the Http UserAgent, RemoteIp and RemoteXfip you can get close to uniquely identifying a user, but there is no guarantees that this key is 100% unique.
In the JSP side, you can use JSTL's <c:url> for this.
link
Easy as that. It will automagically append the jsessionid when cookies are disabled.
In the Servlet side you need HttpServletResponse#encodeURL() or -usually the preferred one inside Servlets- HttpServletResponse#encodeRedirectURL() for this.
response.sendRedirect(response.encodeRedirectURL("page.jsp"));
url rewriting
http://www.developertutorials.com/tutorials/java/implement-session-tracking-050611/page5.html
Each URL must be encoded using response.encodeURL("page.jsp")
This will add the Session ID onto the end of each URL so cookies do not have to be enabled.
Note that you will have to do this manually for every single URL in order for it to work.
See this link for more info.