On Fri, 8 Sep 2000, Naveen Chandra wrote:
> Hi Milt,
>
> My task is to retrive all the cookie parameters using getXXX()
> methods and decrypt it as I encrypt them using domain, version and
> age while I set the cookie. So decrypt I need to know in the server
> end all these domain, version and age of the cookie using getXXX()
> methods. I can get name valu pair from getHeader() but not other
> values. And getName() and getValue() works fine, but not other
> getXXX() methods.
[ ... ]
Yes, that is consistent with what we're saying. That other
information isn't available to you on the server end, so that's why
those methods don't work.
Like I said, this was covered in Jason Hunter's book, but I don't
remember the exact reasons for it, and I don't recall if any
workaround was given. I don't think one was.
Judging by the trace someone included in a previous message, shown
below, it may be that that information is simply not being transferred
from the client to the server (i.e. it wasn't in the request), in
which case it seems there wouldn't be anything you can do about it.
That's about all I can say about it.
> -----Original Message-----
> From: A mailing list for discussion about Sun Microsystem's Java Servlet
> API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Milt
> Epstein
> Sent: Friday, September 08, 2000 9:57 AM
> To: [EMAIL PROTECTED]
> Subject: Re: domain value of the Cookies in Servlets
>
>
> On Fri, 8 Sep 2000, Naveen Chandra wrote:
>
> > Hi Kevin,
> >
> > Could you pl. tell me what do I do in my servlet code
> > to get all these values in the server end from client.
> > -------------------------------------------------------------------------
> > HTTP/1.0 200 OK
> > Content-Type: text/html
> > Set-Cookie: Hello=World;Domain=.host.com;Expires=Fri, 08-Sep-2000 06:04:08
> > GMT
> > --------------------------------------------------------------------------
> > And again getMaxAge() always returns me the negative value,
> > that means as per Java API Cookies are not stored persistently.
> > Please help me what do I do to store my cookies persistently.
> [ ... ]
>
> As per some earlier messages in this thread, most of the cookie
> information is not available on the server (and further discussion has
> shown that the headers look different in the request and response), so
> most of the getXXX() methods won't return anything meaningful. So you
> really can't judge from this whether the cookies are being stored
> persistently. A better test would be to check things on the
> client/browser side.
>
>
> > Here is the snippet of code I used in my servlets.
> > ---------------------------------------------------------
> > Cookie co = new Cookie("portal", "naveen.ibelong.net");
> > co.setDomain(".ibelong.net");
> > co.setVersion(1);
> > co.setPath("/");
> > co.setMaxAge(9999);
> > response.addCookie(co);
> > ---------------------------------------------------------
> > I am sorry, if you feel this is a silly question to ask, as
> > I could'nt find any other methods in the Servlet API
> > under HttpServletRequest, HttpServletResponse and Cookie classes.
> > to get the domain name , age and path as
> > getMain() and getPath() returns me null and getMadAge() returns me -1 .
> >
> > Thanks in advance,
> > Naveen.
> >
> > -----Original Message-----
> > From: A mailing list for discussion about Sun Microsystem's Java Servlet
> > API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin
> > Jones
> > Sent: Friday, September 08, 2000 5:03 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: domain value of the Cookies in Servlets
> >
> >
> > The fields are the same but the description is different,
> >
> > i.e. the RFC says that the attribute values must be copied, whereas the
> > Netscape spec. doesn't say anything about the attributes at all (in the
> > request header)
> >
> > > Hmmm... my reference says that netscape cookies do pass domain info.
> > > The browser presumably just doesn't pass it back due to security
> > > concerns.
> >
> > I have a trace here that looks like this (from Netscape 4.51)
> >
> > GET /test/servlet/TestCookies HTTP/1.0
> > Connection: Keep-Alive
> > User-Agent: Mozilla/4.51 [en] (WinNT; I)
> > Pragma: no-cache
> > Host: kevinj.host.com:4242
> > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
> */*
> > Accept-Encoding: gzip
> > Accept-Language: en
> > Accept-Charset: iso-8859-1,*,utf-8
> > Cookie: Hello=World
> >
> > with this result
> >
> > HTTP/1.0 200 OK
> > Content-Type: text/html
> > Set-Cookie: Hello=World;Domain=.host.com;Expires=Fri, 08-Sep-2000 06:04:08
> > GMT
> > Servlet-Engine: Tomcat Web Server/3.2 beta 3 (JSP 1.1; Servlet 2.2; Java
> > 1.3.0; Windows 2000 5.0 x86; java.vendor=Sun Microsystems Inc.)
> >
> >
> >
> >
> > Kevin Jones
> > DevelopMentor
> > www.develop.com
> >
> > > -----Original Message-----
> > > From: A mailing list for discussion about Sun Microsystem's Java Servlet
> > > API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Nic
> > > Ferrier
> > > Sent: 08 September 2000 05:31
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: domain value of the Cookies in Servlets
> > >
> > >
> > > >>> Kevin Jones <[EMAIL PROTECTED]> 08-Sep-00 4:47:10 AM >>>
> > >
> > > >Doing packet traces for both NS and IE shows that they
> > > >both only send "Set-Cookie: Name=Value" as the header
> > > >and no extra values. Setting the version makes no difference
> > > >in either case!
> > >
> > > Hmmm... my reference says that netscape cookies do pass domain info.
> > > The browser presumably just doesn't pass it back due to security
> > > concerns.
> > >
> > > Netscape cookies certainly pass more than just the value.
> > >
> > > They at least send the path.
> > >
> > > As far as I recall (when I was implementing this in GNU-Paperclips)
> > > the problem with netscape cookies is that the order of the modifiers
> > > is fixed and it's a syntax error to have them in any other order.
> > > Thus, unless the servlet engine gets this order corect the cookie
> > > won't be set properly.
> > >
> > >
> > > The new IETF cookies standard has no such problems but, as you say,
> > > no one seems to be using it.
> > >
> > > The only data difference I can see between the two though is the
> > > "comment" and "version" modifier fields. Also the field names seem to
> > > be capitalized (but I can't remember if that is a requirement or
> > > not).
> > >
> > >
> > > Nic
Milt Epstein
Research Programmer
Software/Systems Development Group
Computing and Communications Services Office (CCSO)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
