Handling Cookies

Cookies are set of textual information’s and Web server send these information’s to the browser and the browser keep these information remains constant when calling the same Web site or domain later. There are several advantages for keeping cookies.

  • Recognize a user during an e-commerce session
  • Strike down username and password
  • Customize the site
  • Focus on adverting.

Recognize a user during an e-commerce session.

In an online shopping cart system client purchase number of items and add it into his shopping cart, and continue their purchase. The client select one item and add into his shopping cart the HTTP connection is closed and each page is send towards the store. After purchasing one item the client want to buy another item. At that time the server sends another page to store, but store can’t identify the client is the same client that put the previous item in the cart. For solving this problem we are using the cookie. For handling cookies we are using the session tracking methods.

There are mainly three methods are used for handling session tracking.

Hidden Fields

Hidden fields can be inserted in the webpage and information can be sent to the server for session tracking. Hidden fields can be created by using the keyword “hidden”. These fields are viewed using view source option from the browsers, but it cannot be visible directly to the user. This type doesn’t need any special configuration from the browser of server and by default available to use for session tracking. This cannot be used for session tracking when the conversation included static resources link html pages.

Eg: – <INPUT TYPE=”hidden” NAME=”technology” VALUE=”servlet”>

URL Rewriting

When a request is create, additional parameter is added with the URL. In general appended additional parameter will be sessionid or sometimes the userid. It helps to track the session. This type of session tracking doesn’t need any special support from the browser.

E.g.:- Original URL is: – http://server:port/servlet/ServletName.

Rewritten URL is:-http://server:port/servlet/ServletName?sessionid=7456.


In session tracking methods cookies are mostly used technology. Cookie is a key value pair of information, sent by the server to the browser. This should be saved by the browser in its space in the client computer. Whenever the browser sends a request to that server it sends the cookie along with it. Then the server can identify the client using the cookie. The source code of creating a cookie is given below,

Cookie cookie = new Cookie(“userID”,”7456”);

Using cookies the session tracking is easy to implement and maintained.

Strike down username and password

In low security sites we are using cookies instead of user name and password. At the time of registration of a particular user, it creates a unique user ID. The cookie sent a unique user ID. By using these user ID the server identify the client is registered client or not. This system helps to avoid the usage of user name and password.

Customize the site

Customize the sites means we are using the cookies to remember what you want.For this setting, the site could accomplish this customization by storing the page settings directly in the cookies. For more complex customization, however, the site just sends the client a unique identifier and keeps a server-side database that associates identifiers with page settings.

Focus on advertising.

Cookies permit the site remembers which topics interested in users and show the related advertisements to those interests.

The Servlet cookie API

There are mainly three steps used for sending cookies to the client

1)      Creating new cookie

2)      Set the attribute or  reading the cookie

3)      Respond the cookie

Creating new cookie

The source code of creating a cookie is given below,

Cookie cookie = new Cookie(“userID”,”7456”);

Setting the cookie or  reading the cookie

For setting any optional attributes we are using set method and add cookies to the response headers we are using response.addCookie. For reading incoming cookies, we are calling request.getCookies() method. Some set and set attributes are discussed below

  1. getComment/setComment: – This method helps to gets/sets a comment associated with the cookie.
  2. getDomain/setDomain: – Here, cookies returned domain or hostname.
  3. getMaxAge/setMaxAge: – The browser wants to store or gets the cookie on disk instead of just keeping it in memory,we use setMaxAge to specify how long (in seconds) the cookie should be valid.
  4. getName/setName:-It helps to get/set the name of the cookie.
  5. getPath/setPath: – this is used to gets/sets the path to which this cookie applies.
  6. getSecure/setSecure: – This method returns a Boolean value whether it indicates that cookie should be sent over encrypted  connections.
  7. getValue/setValue: – Gets/sets the value associated with the cookie.
  8. getVersion/setVersion:- This method helps to gets/sets the cookie protocol version on this cookie complies with.

Respond the cookie

In this step we are placing the cookie into the HTTP response headers. For accomplishing this process we are using response.addCookie() method.

E.g. –

Cookie userCookie = new Cookie("user", "uid1234");

Delete Cookies

We can delete cookies in the Internet Explorer. To delete your cookies in Internet Explorer, start at the Tools menu and select Internet Options. To delete all cookies, press Delete Cookies. To selectively delete cookies, press Settings, then View Files. To delete your cookies in Netscape, start at the Edit menu, and then choose Preferences, Privacy and Security, and Cookies. Press the Manage Stored Cookies button to view or delete any or all of your cookies. Please see the below code  and output

E.g CustomizedSearchEngines .java

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.net.*;
/** A varition of the SearchEngine servlet that uses cookies to remember users choices.
 * These values are then used by the SearchEngineFrontEnd servlet
 * to create the form-based front end with these choices preset.
public class CustomizedSearchEngines extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)throws ServletException, IOException {
String searchString = request.getParameter("searchString");
Cookie searchStringCookie =new LongLivedCookie("searchString", searchString);
searchString = URLEncoder.encode(searchString);
String numResults = request.getParameter("numResults");
Cookie numResultsCookie =new LongLivedCookie("numResults", numResults);
String searchEngine = request.getParameter("searchEngine");
Cookie searchEngineCookie =new LongLivedCookie("searchEngine", searchEngine);
SearchSpec[] commonSpecs = SearchSpec.getCommonSpecs();
for(int i=0; i<commonSpecs.length; i++) {
SearchSpec searchSpec = commonSpecs[i];
if (searchSpec.getName().equals(searchEngine)) {
String url =searchSpec.makeURL(searchString, numResults);

CustomizedSearchEngines  Output:-

Search Output
Search Output