response.addCookie() can make the browser take 2 cookie with the samename???

L

lightning

I put some encrypted token in the cookie, and I set a expiration of
half an hour .

In order to avoid the cookie dies and the user get automately logged
out,

I use reponse.addCookie() to reset the cookie's expiration to half an
hour .

the code I use is just like below:

public long getId(String name) {
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie i : cookies) {
if (i.getName().equals(name)) {
i.setMaxAge(ConfigServlet.cookie_expire);
response.addCookie(i);
return MagicUtil.getIdFromMagicNo(i.getValue());
}
}
}
return -1l;
}

But I found that my browser IE6 send 5 cookie back to me, two pair has
the same name.


Cookie: magicno=-6568942197980035062.59357; magicinfo=MDYgNyskKCB/
ISEh; JSESSIONID=5C771E6A3CC321D842A7344BE49C2A81;
magicno=-6568942197980035062.59357; magicinfo=MDYgNyskKCB/ISEh

Is this because IE6 sucks or what I do is not right?
 
C

Chase Preuninger

I hope you know that you should just use an HttpSession and not worry
about that. With HttpSession you can set a time limit.
 
L

lightning

I need a scalable design,maybe this web module will be deployed in a
whole tomcat farm,every tomcat has the same job ,a load balancer is at
the front,any one tomcat dies can not affect the service, so I must
not use a session.
 
L

Lew

lightning said:
I need a scalable design,maybe this web module will be deployed in a
whole tomcat farm,every tomcat has the same job ,a load balancer is at
the front,any one tomcat dies can not affect the service, so I must
not use a session.
Click to expand...

(Please do not top-post.)

Actually, load-balancing and clustering do not militate against the use of
sessions. They do require that session-scoped objects be Serializable, at
least on such systems that I've worked on.
 
L

lightning

(Please do not top-post.)

Actually, load-balancing and clustering do not militate against the use of
sessions. They do require that session-scoped objects be Serializable, at
least on such systems that I've worked on.
Click to expand...


Oh,finally,I worked it out.

To delete that very cookie,not only the cookie name should be the
same,but also the path should!

I modified mycode:

public void destory() {
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie i : cookies) {
i.setPath("/"); // I added this line,because it's "/" when
set
i.setMaxAge(0);
response.addCookie(i);
}
}
}


The cookie was desctoyed, also if I ensure these two key is the same,I
can reset the time correctly!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Issue with passing fetched data to POST form. How can I? 0
Cookie Handling 1
Servlet API deletes cookie instead of over-writing it 1
Cookie Parse Read Problem (newbie) 6
Cross-domain cookie synchronisation 0
With request.getCookies() I do not get all cookies! 1
Cookie Anomaly 0
Session Cookie Glitch with mod_perl 2.03 and Apache 2.2.6 1

Members online

Total: 38 (members: 1, guests: 37)
Robots: 118

Forum statistics

Threads
473,999
Messages
2,570,243
Members
46,836
Latest member
login dogas

Latest Threads

Top