Java Cookie getDomain,getMaxAge,getPath返回null
来源:互联网 发布:mac系统怎么删除文件 编辑:程序博客网 时间:2024/06/10 08:46
AddCookieServlet
- Cookie cookie = new Cookie("mycookie", "juanjuan");
- cookie.setMaxAge(10); //10 means 10 seconds
- cookie.setDomain(".cityu.edu.hk");
- response.addCookie(cookie);
GetCookieServlet
- Cookie[] cookies = request.getCookies();
- if (cookies != null) {
- for (Cookie cookie : cookies) {
- out.println(cookie.getName() + ": " + cookie.getValue()
- + "<br>");
- out.println("domain: " + cookie.getDomain() + "<br>");
- out.println("max age: " + cookie.getMaxAge() + "<br>");
- }
- }
When you get cookie from request, you can only get cookie name and value, and always:
getDomain() return null
getPath() return null
getMaxAge() return -1
Check the real cookie data in Firefox menu ""Tools -> Options -> Privacy -> Show Cookies", you can see the cookie "mycookie" domain is cityu.edu.hk and max age is 10.
Why???
Answer (from http://saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=50&t=004445):
This happens because KookieAPI's implementation Kookie.java doesn't return us the Domain, Path,Max Age any extra information except Kookie name,value
NOTE: I have replaced "c" from cookie to "k" everwhere to avoid the posting error I was getting...
Here is a piece of code from Kookie.java,
code:
public Kookie(String name, String value)
{
maxAge = -1;
version = 0;
if(!isToken(name) || name.equalsIgnoreCase("Comment") || name.equalsIgnoreCase("Discard") || name.equalsIgnoreCase("Domain") || name.equalsIgnoreCase("Expires") || name.equalsIgnoreCase("Max-Age") || name.equalsIgnoreCase("Path") || name.equalsIgnoreCase("Secure") || name.equalsIgnoreCase("Version"))
{
String errMsg = lStrings.getString("err.kookie_name_is_token");
Object errArgs[] = new Object[1];
errArgs[0] = name;
errMsg = MessageFormat.format(errMsg, errArgs);
throw new IllegalArgumentException(errMsg);
} else
{
this.name = name;
this.value = value;
return;
}
}
Here what happens is- browser returns the kookie as defined per RFC 2109
Now, the webserver's code parses the kookie header separated by ";" and so gets following in the list,
name1=value1
domain=domain1
path=path1
(and other parameters like Secure, Comment etc...)
name2=value2
domain=domain2
path=path2
(and other parameters like Secure, Comment etc...)
and then tries to create Kookie object for each of such Name,Value pair after further separting by '=' sign. So, it does,
Kookie tempKookie = new Kookie(name,value);
nowthe Kookie.java ignores the kookie creation if the name is Path, Domainetc (as per the above Kookie.java) and so it only gets kookie's nameand value...
Here isthe Tomcat405's code that parses the Kookie. If we combine theknowledge of the RFC 2109, this code and Kookie.java then we wouldrealize what happens here...
code:
/**
* Parse a kookie header into an array of kookies according to RFC 2109.
*
* @param header Value of an HTTP "Kookie" header
*/
public static Kookie[] parseKookieHeader(String header) {if ((header == null) || (header.length() < 1))
return (new Kookie[0]);ArrayList kookies = new ArrayList();
while (header.length() > 0) {
int semicolon = header.indexOf(';');
if (semicolon < 0)
semicolon = header.length();
if (semicolon == 0)
break;
String token = header.substring(0, semicolon);
if (semicolon < header.length())
header = header.substring(semicolon + 1);
else
header = "";
try {
int equals = token.indexOf('=');
if (equals > 0) {
String name = token.substring(0, equals).trim();
String value = token.substring(equals+1).trim();
kookies.add(new Kookie(name, value));
}
} catch (Throwable e) {
;
}
}return ((Kookie[]) kookies.toArray(new Kookie[kookies.size()]));
}
hope this is helpful...
andthe reason that Kookie.java ignores Domain, Path etc could be just thatit wanted to avoid providing any more information to the server as aprevention of possible hack by some other servers. e.g.
- I have a server1, server2.
- server1 sets a kookie called "server1login" w/ domain/path etc..
-server2 hacks the user system's browser and write a code to readkookies that allows it to read "all" kookies set in the browser
-now, if the reading of the kookie returned every bit of informationabout the kookie then server2's code would know domain/path of server1and can then overwrite the kookie BUT if it didn't get the domain/paththen it won't be able to overwrite the kookie and the user'sapplication runnin in the browser is less liable to mis-behave due tothe hack.
- Hereserver2 CAN override Kookie API defined by Kookie.java and return allthe information to the user but that would violate Kookie API but to dothat we have to modify server2's servlets.jar where the Kookie.class isthere and all those things which can't be just done with a blink ofeye....
- ifserver1's code wanted to modify the kookie (in case of logout if wewant to remove the kookie) then the code has to know the domain/pathetc information with which the kookie was set and that way it can dothings. AND most probably the code on server1 knows those values...
Its difficult to explain but I'm sure you won't have problem in getting what I am trying to say
Regards
Maulin
- Java Cookie getDomain,getMaxAge,getPath返回null
- Why call java Cookie getDomain() method always return null??
- cookie.getPath Domain MaxAge 为null的问题
- vivo手机上Uri的getPath返回null
- cookie的getMaxAge 获取总是-1的问题
- GetPath
- Java getPath() getAbsolutePath() getCanonicalPath()区别
- Java 返回零长度数组或集合,而不是返回null
- java里getPath、 getAbsolutePath、getCanonicalPath的区别
- java里getPath、 getAbsolutePath、getCanonicalPath的区别
- java中getpath、getabsolutepath和getname
- Java中getPath与getAbsolutePath区别
- topics: Java file getPath getAbsolutePath getCanonicalPath
- java里getPath、 getAbsolutePath、getCanonicalPath的区别
- 【java】File,file.getPath(), getAbsolutePath(), getCanonicalPath()区别
- java里getPath、 getAbsolutePath、getCanonicalPath的区别
- java里getPath、 getAbsolutePath、getCanonicalPath的区别
- getPath()返回路径包含的“%20”(空格)
- 在vs2003(vc7.1)上安装boost库
- Windows下Critical Section、Event、Mutex、Semaphores区别
- NGINX日志统计命令
- Skin++ 使用unicode编码
- 世界难以自拔的,除了牙齿,还有爱情
- Java Cookie getDomain,getMaxAge,getPath返回null
- UVA 10420 - List of Conquests
- MVC验证模型
- vimgdb安装及用法
- Testinside 000-142考试指南及资料分享
- Oracle学习(二)
- TWaver Flex与.NET最新版,三大视图组件齐备
- 使用 ASP.NET 的验证控件
- linux多线程编程学习心得