You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Dave Mulligan <da...@lecan.ie> on 2003/06/11 12:14:32 UTC

[OT] Cookies

Hey all,

Got a small problem with Cookies!

What happens is:

1 User logs in using the LoginServlet

2 The LoginServlet sets a Cookies and forwards the request to the
j_security_check i.e. Container Managed Auth.

    Cookie cookie = new Cookie(name, value);
    cookie.setPath("/");
    cookie.setMaxAge(30 * 24 * 60 * 60); // 30 days
    response.addCookie(cookie);

    String req = request.getContextPath() + "/" + authURL + "?j_username=" +
                 RequestUtils.encodeURL(username) + "&j_password=" +
                 RequestUtils.encodeURL(encryptedPassword);
    response.sendRedirect(response.encodeRedirectURL(req));


3 CMA loads the user principle and the request it forwarded to /welcome.do
4 The SingleSignonFilter runs but is unable to find the cookie set in step 2
above and displays error page.
5 If I press refresh button, SingleSignonFilter can now find the cookie and
everthing works!

The above is much like what is found in struts-resume found on sf.net

My question is, when does the cookie get sent to the browser?

Is it after Step 2 when the LoginServlet does the response.sendRedirect()
or
Is it after Step 4 when the SingleSignonFilter displays the error page


My second question:

What is the best way to remove a cookie?
Setting the max-age to zero doesn't seem to work for me!

Tnx in advance.



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

RE: [OT] Cookies

Posted by Dave Mulligan <da...@lecan.ie>.

Thanks for your help Mark.

The spec says setMaxAge( 0 ) deletes the cookie. But is doesn't seem to work
for me.
http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/http/Cookie.h
tml#setMaxAge(int)

I got around the problem by saving the key in both the
Cookie - so applications in other contexts could see it and also the
HttpSession - so the first (welcome) page could see it.



-----Original Message-----
From: Mark Galbreath [mailto:mark_galbreath@qat.com]
Sent: 11 June 2003 14:20
To: 'Struts Users Mailing List'
Subject: RE: [OT] Cookies


1. The cookie is not being set because you are using a redirect and a
browser will only accept cookies from the URL that is sending them.  When
you refresh, you get the cookie because you are now in the proper
relationship.

2.  setMaxAge( 0 ) tells the browser to remove the cookie at the end of its
session.  In other words, if you shut down your browser and restart it, the
cookie will not be there.

Mark

-----Original Message-----
From: Dave Mulligan [mailto:david.mulligan@lecan.ie]
Sent: Wednesday, June 11, 2003 6:15 AM
To: struts-user@jakarta.apache.org
Subject: [OT] Cookies


Hey all,

Got a small problem with Cookies!

What happens is:

1 User logs in using the LoginServlet

2 The LoginServlet sets a Cookies and forwards the request to the
j_security_check i.e. Container Managed Auth.

    Cookie cookie = new Cookie(name, value);
    cookie.setPath("/");
    cookie.setMaxAge(30 * 24 * 60 * 60); // 30 days
    response.addCookie(cookie);

    String req = request.getContextPath() + "/" + authURL + "?j_username=" +
                 RequestUtils.encodeURL(username) + "&j_password=" +
                 RequestUtils.encodeURL(encryptedPassword);
    response.sendRedirect(response.encodeRedirectURL(req));


3 CMA loads the user principle and the request it forwarded to /welcome.do 4
The SingleSignonFilter runs but is unable to find the cookie set in step 2
above and displays error page. 5 If I press refresh button,
SingleSignonFilter can now find the cookie and everthing works!

The above is much like what is found in struts-resume found on sf.net

My question is, when does the cookie get sent to the browser?

Is it after Step 2 when the LoginServlet does the response.sendRedirect() or
Is it after Step 4 when the SingleSignonFilter displays the error page


My second question:

What is the best way to remove a cookie?
Setting the max-age to zero doesn't seem to work for me!

Tnx in advance.



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

RE: [OT] Cookies

Posted by Mark Galbreath <ma...@qat.com>.

1. The cookie is not being set because you are using a redirect and a
browser will only accept cookies from the URL that is sending them.  When
you refresh, you get the cookie because you are now in the proper
relationship.

2.  setMaxAge( 0 ) tells the browser to remove the cookie at the end of its
session.  In other words, if you shut down your browser and restart it, the
cookie will not be there.

Mark

-----Original Message-----
From: Dave Mulligan [mailto:david.mulligan@lecan.ie] 
Sent: Wednesday, June 11, 2003 6:15 AM
To: struts-user@jakarta.apache.org
Subject: [OT] Cookies


Hey all,

Got a small problem with Cookies!

What happens is:

1 User logs in using the LoginServlet

2 The LoginServlet sets a Cookies and forwards the request to the
j_security_check i.e. Container Managed Auth.

    Cookie cookie = new Cookie(name, value);
    cookie.setPath("/");
    cookie.setMaxAge(30 * 24 * 60 * 60); // 30 days
    response.addCookie(cookie);

    String req = request.getContextPath() + "/" + authURL + "?j_username=" +
                 RequestUtils.encodeURL(username) + "&j_password=" +
                 RequestUtils.encodeURL(encryptedPassword);
    response.sendRedirect(response.encodeRedirectURL(req));


3 CMA loads the user principle and the request it forwarded to /welcome.do 4
The SingleSignonFilter runs but is unable to find the cookie set in step 2
above and displays error page. 5 If I press refresh button,
SingleSignonFilter can now find the cookie and everthing works!

The above is much like what is found in struts-resume found on sf.net

My question is, when does the cookie get sent to the browser?

Is it after Step 2 when the LoginServlet does the response.sendRedirect() or
Is it after Step 4 when the SingleSignonFilter displays the error page


My second question:

What is the best way to remove a cookie?
Setting the max-age to zero doesn't seem to work for me!

Tnx in advance.



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org