You would simply create a Cookie object, set the user/password into that
cookie, and set the MaxAge (to make sure the cookie persists after the
session has ended). Then add the Cookie to the HttpServletResponse before
sending the html page to the client. You probably don't want to wait until
the end of the user session, since you have no idea when the user is going
to end his session.
(*Chris*)
----- Original Message -----
From: Jon Williams <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 08, 1999 12:47 AM
Subject: Re: cookies and client pull
>I am curious. If you were to prepare a set of pages that would each add
>something to the URL and you wanted to parse a user/password cookie from
>the URL at the end of the user session and pass it to the browser as a
>real cookie... how would that be accomplished easiest???
>
>Jon
>
>"Craig R. McClanahan" wrote:
>>
>> John Evershed wrote:
>>
>> > Cookies are the easiest way to maintain session state.
>> >
>> > BUT, if you depend on cookies, you run the risk of the
>> > client browser either not being capable of accepting
>> > cookies or the browser user deliberately turning cookies
>> > off.
>> >
>> > When this happens, you probably end up creating new session
>> > each time that user accesses a page in your application -
>> > this could add up to a lot of useless object clutter in your
>> > VM (as the new sessions cannot ever be used).
>> >
>> > Does anyone have a comment on the advisability of the
>> > following solution?... [snipped mechanism to tell the user they need
>> > cookies]
>>
>> The Servlet API does offer a standard approach to using sessions even
when the
>> browser does not have cookies enabled. It is called URL rewriting. This
>> allows you to presume support for sessions without worrying about whether
or
>> not cookies are actually being used "under the covers". The only
additional
>> responsibility you need to do is call HttpServletResponse.encodeUr() for
each
>> URL that your servlet generates that points back to this application.
>>
>> If you really want to not support the user when cookies are disabled,
just use
>> getSession(false) in your subsequent pages (i.e. once you are past the
"home"
>> page of the site). If this returns null (because no session id cookie
was
>> retunred), you can do your error page thing, and not worry about creating
lots
>> of useless sessions.
>>
>> Craig McClanahan
>>
>>
___________________________________________________________________________
>> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
>> of the message "signoff SERVLET-INTEREST".
>>
>> Archives: http://archives.java.sun.com/archives/servlet-interest.html
>> Resources: http://java.sun.com/products/servlet/external-resources.html
>> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
>--
>===========================================
>Jon Thor Williams Phish
>Java Software Specialist :-)
>TrailerSoft [EMAIL PROTECTED] *
>"I want to party like it's 1929!" - Unknown
>===========================================
>
>___________________________________________________________________________
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff SERVLET-INTEREST".
>
>Archives: http://archives.java.sun.com/archives/servlet-interest.html
>Resources: http://java.sun.com/products/servlet/external-resources.html
>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
