You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Randy Paries <ra...@unitnet.com> on 2003/10/14 21:47:47 UTC

servlets and cookies

Hello 
i assume this is more of a servlet programming problem that tomcat, but
i hope someone has some insight?


Please tell me i can do this:
1)i go to a jsp page and if it does not find the exist of a cookie it
forwards to a login screen

2) the login screen submits to a servlet, and then set some cookies and
then forwards to the original JSP

3) the orig jsp sees those cookies and life is fine.

well i can not make the servlet set the cookies so that the forwarding
jsp sees those cookies.

====
        Cookie cookie1 = new Cookie("USERID",_User.getUname());
        cookie1.setMaxAge(-1);
        cookie1.setPath("/");
        res.addCookie(cookie1);

        Cookie cookie2 = new Cookie("USERDIR",_User.getDir());
        cookie2.setMaxAge(-1);
        cookie2.setPath("/");
        res.addCookie(cookie2);

        RequestDispatcher disp = 
getServletConfig().getServletContext().getRequestDispatcher("/my.jsp");
        disp.include(req,res);


my.jsp does not see the cookies.

if i just refresh the browser the second time in the cookies are there

What the heck am i doing wrong
thanks



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

RE: servlets and cookies

Posted by Steph Richardson <st...@kvasar.com>.

Randy,

Because you are doing an RequestDispatcher.include() the my.jsp page is served up in the same HTTP Response that is setting the
cookies.
my.jsp then looks in the Request for the cookies and doesn't find them there, because it's looking at the same HTTP Request that was
originally sent to your login servlet.

All the forwarding here ( or including in this case ) occurs on the server side. You need to do a round trip to the browser to set
the cookies, so that they will be included on subsequent requests. i.e. something like :
	response.sendRedirect( "/my.jsp" );

This will send a 302 response to the browser, as well as the correct response headers to set your cookie values, so that they are
included as request headers in the redirected request to my.jsp


Steph

P.S. for what it's worth I think the best explanation of all you need to know about HTTP methods, headers, cookies, etc.. comes in
the first few chapters of an O'Reilly book called "ASP in a Nutshell" - just the thing for a Tomcat users list ;)




> -----Original Message-----
> From: Randy Paries [mailto:randy.paries@unitnet.com]
> Sent: Tuesday, October 14, 2003 3:48 PM
> To: tomcat-user@jakarta.apache.org
> Subject: servlets and cookies
>
>
> Hello
> i assume this is more of a servlet programming problem that tomcat, but
> i hope someone has some insight?
>
>
> Please tell me i can do this:
> 1)i go to a jsp page and if it does not find the exist of a cookie it
> forwards to a login screen
>
> 2) the login screen submits to a servlet, and then set some cookies and
> then forwards to the original JSP
>
> 3) the orig jsp sees those cookies and life is fine.
>
> well i can not make the servlet set the cookies so that the forwarding
> jsp sees those cookies.
>
> ====
>         Cookie cookie1 = new Cookie("USERID",_User.getUname());
>         cookie1.setMaxAge(-1);
>         cookie1.setPath("/");
>         res.addCookie(cookie1);
>
>         Cookie cookie2 = new Cookie("USERDIR",_User.getDir());
>         cookie2.setMaxAge(-1);
>         cookie2.setPath("/");
>         res.addCookie(cookie2);
>
>         RequestDispatcher disp =
> getServletConfig().getServletContext().getRequestDispatcher("/my.jsp");
>         disp.include(req,res);
>
>
> my.jsp does not see the cookies.
>
> if i just refresh the browser the second time in the cookies are there
>
> What the heck am i doing wrong
> thanks
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: servlets and cookies

Posted by Robert Weeks <va...@vaiism.com>.

Hello -

> Hello
> i assume this is more of a servlet programming problem that tomcat, but
> i hope someone has some insight?
>
>
> Please tell me i can do this:
> 1)i go to a jsp page and if it does not find the exist of a cookie it
> forwards to a login screen
>
> 2) the login screen submits to a servlet, and then set some cookies and
> then forwards to the original JSP
>
> 3) the orig jsp sees those cookies and life is fine.
>
> well i can not make the servlet set the cookies so that the forwarding
> jsp sees those cookies.


When it comes to doing things like this - I generally use session or 
request variables to do so (not direct cookie access) - is there a 
reason you wouldn't want to do this instead of the session? I think 
most of the time tomcat will be using cookies for all of this (unless 
explicitly told to use URL rewriting).

For example - maybe do something like this (using struts):

(numbers correspond to above):

1)
<%@ taglib uri="/tags/struts-bean" prefix="bean" %>
<%@ taglib uri="/tags/struts-html" prefix="html" %>
<%@ taglib uri="/tags/struts-logic" prefix="logic" %>

<html>
<head>
   <title>Admin Tool</title>
   <html:base/>
</head>
<body>
<html:errors/>

<logic:notPresent scope="session" name="isLoggedIn">
   <logic:redirect forward="adminLogin"/>
</logic:notPresent>
<logic:present scope="session" name="isLoggedIn">
   <logic:redirect forward="adminHome"/>
</logic:present>
...

Where 'adminLogin' is mapped:

<forward name="adminLogin" path="/adminLogin.do"/>

which is an action that forwards to a file called login.jsp

<action path="/adminLogin"
               type="org.apache.struts.actions.ForwardAction"
               parameter="/admin/login.jsp"/>


2 & 3) login.jsp (above) then uses a servlet to gather the information 
if successful then:

     ...
     session.setAttribute(IConstants.IS_LOGGED_IN, "true");


     where ' IConstants.IS_LOGGED_IN' = "isLoggedIn"

and then forwards back to the home page (after setting other vars in 
the session/request as well).


Also this way - if the session has expired, then the test at the 
beginning would forward back to the login if needed as well.

I could be doing this wrong as well - but seems to work OK.

Hope this is what you were asking about (if not - sorry for the wasted 
space!)

=)


--
Robert B. Weeks


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org