Cookie Handling

P

Peter Horlock

Hi,
<preface>
I want to remove all sessionids from my website, to improve its
ranking in google.

In a first step, I tried using the JSTL <c:url> session mechanism. For
the first request,
it adds a session id GET parameter AND a cookie to the response. When
the client sends back both, cookie and param, from then on the website
will communicate through the cookie. However, either google does not
support cookies, or it stored the link from the very first request,
including the get parameter, anyway, most of my website's urls are now
in the google index with the jsessionid parameter.

Looking for alternatives, I read something from tuckey's urlrewrite
component (which we are already using anyway):
http://tuckey.org/urlrewrite/manual/3.0/guide.html

(Search for "Hide jsessionid for requests from googlebot.").
However, I suppose, this will not solve my problem, because the
urlrewrite filter only works for incoming request, so the first
request would not contain a jsessionid, the urlrewrite component would
rewrite it, but when the server replies, it would attach the jsession
id, I guess. When the third request reaches the urlrewrite filter,
then it would truncate the jsession id, but then it would already be
to late, I guess. Let me know if I am wrong here..

Anyway, as a "third best approach" I thought I could only use cookies.
The cookies are only used for tracking, so for the 2% not supporting
cookies only the tracking would be disabled, and I am willing to
sacrifice that for a better ranking in google.
</preface>

So I tried to add a cookie with a name and a max age (20 minutes).
Even though there is hardly any documentation about cookies online, I
figured out by myself that I also have to set a path, and I am not
completly sure if I also have to set the domain, or not - if I set it
just "something", the cookie got rejected from my firefox 3.0 browser,
I guess for security reasons. Now for the first request, I want to set
a cookie, a max age, and my tracking value. However, when my (Spring)
Controller received the second request, I found the cookie, but the
max age seems to have gone. I would like to reuse the very same cookie
until it will get deleted because it timed out - only then do I want
to create a new cookie - in order to properly reproduce the "session
handling" behavior I had when I was using cookies. A colleague
mentioned something that the max age would get deleted as soon as you
retrieve a stored cookie from the browser. Is that so? If so, I guess
I will have to additionally append the max age value to my tracking
value. True?

Here's the story put into a code snippet:
Cookie cookie = new Cookie(cookieName, "");
cookie.setMaxAge(COOKIE_MAX_AGE);
//cookie.setDomain(domain); // setting this caused rejection
of the cookie
cookie.setPath("/");
[...]
Later, in a different part of the app, I am resetting the cookie value
through its reference that I passed through to the other component:
cookie.setValue(myValue);
---
Now the second request should retrieve the old cookie I set:
Cookie cookie = null;
Cookie[] cookies = request.getCookies();
if(cookies != null && cookies.length > 0){
for (Cookie c : cookies) {
String cName = c.getName();
if (cookieName.equals(cName)) {
cookie = c;
break;
}
}
}
But when retrieving the cookie from the browser, cookie.getMaxAge
always results in -1, no matter what I am doing...

Any ideas how I could fix this?

Thanks,

Peter
 
C

Christian Ulrich

Got a similar Problem here - I also would like to keep the "old" maximum
age of the cookie.

Anyone???
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,982
Messages
2,570,189
Members
46,735
Latest member
HikmatRamazanov

Latest Threads

Top