javax.servlet.http

Class Cookie

java.lang.Object

javax.servlet.http.Cookie

All Implemented Interfaces:

java.io.Serializable, java.lang.Cloneable

public class Cookie
extends java.lang.Object
implements java.lang.Cloneable, java.io.Serializable

A cookie is basically a {String,String} name/value pair that the server tells the client to remember and to send back to him attached to every future request.
Using cookies a server can maintain a state in between client requests.

A formal specification of Cookies can be found in RFC 2109 ("HTTP State Management Mechanism")

Since:

2.0

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
Cookie(java.lang.String name, java.lang.String value) Creates a cookie with a name and a value.

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.Object	clone() Clones the Cookie.
java.lang.String	getComment() Gets the comment of the cookie
java.lang.String	getDomain() Gets this cookie's domain
int	getMaxAge() Gets the time-to-live for this cookie, in seconds. If it is 0 then the client will delete the cookie. If it is -1 (which is the default) then the cookie will be a non-persistent cookie. This means that the cookie will live as long as the http client lives, and will not be saved to disk.
java.lang.String	getName() Get the name
java.lang.String	getPath() Gets the path for which requests this cookie will be attached.
boolean	getSecure() Whether only secure means (https) should be used when sending this cookie to a server.
java.lang.String	getValue() Gets the value
int	getVersion() Gets the version of this cookie.
boolean	isHttpOnly() Indicates whether this cookie has been marked as HTTP-only.
void	setComment(java.lang.String comment) Sets the comment of the cookie.
void	setDomain(java.lang.String domain) Sets the domain for which this Cookie will be used.
void	setHttpOnly(boolean isHttpOnly) Marks or unmarks this cookie as HTTP-only.
void	setMaxAge(int maxAge) Sets the maximum lifetime of the cookie in seconds. If set to 0 then the cookie will be deleted by the client. If set to a negative value (such as -1 which is the default) then the cookie will be a non-persistent cookie. This means that the cookie will live as long as the http client lives, and will not be saved to disk.
void	setPath(java.lang.String path) Set the path with which requests this cookie will be sent back to the server.
void	setSecure(boolean secure) Whether only secure means (https) should be used when sending this cookie to a server.
void	setValue(java.lang.String value) Sets a new value.
void	setVersion(int version) Sets the version.

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Cookie

public Cookie(java.lang.String name,
      java.lang.String value)

Creates a cookie with a name and a value. The name must be a valid HTTP/1.1 token and not start with $.

Parameters:

name - The name of the cookie

value - The value of the cookie

Throws:

java.lang.IllegalArgumentException - if name is not a valid HTTP/1.1 token or starts with $

Method Detail

setComment

public void setComment(java.lang.String comment)

Sets the comment of the cookie. Not supported by version 0 cookies.

Parameters:

comment - the comment to be

getComment

public java.lang.String getComment()

Gets the comment of the cookie

Returns:

the comment or null if not defined

setDomain

public void setDomain(java.lang.String domain)

Sets the domain for which this Cookie will be used. If the domain is for instance set to .foo_bar.com then the client sends the cookie along with requests to all webservers whose domain ends with ".foo_bar.com" (www.foo_bar.com, blah.foo_bar.com, etc). If not set cookies are only returned to the domain from which the client received the cookie.

Parameters:

domain - The cookie's domain

getDomain

public java.lang.String getDomain()

Gets this cookie's domain

Returns:

The domain for which this cookie will be used or null if not defined

setMaxAge

public void setMaxAge(int maxAge)

Sets the maximum lifetime of the cookie in seconds.
If set to 0 then the cookie will be deleted by the client.
If set to a negative value (such as -1 which is the default) then the cookie will be a non-persistent cookie.
This means that the cookie will live as long as the http client lives, and will not be saved to disk.

Parameters:

maxAge - The time-to-live for the cookie, in seconds

getMaxAge

public int getMaxAge()

Gets the time-to-live for this cookie, in seconds.
If it is 0 then the client will delete the cookie.
If it is -1 (which is the default) then the cookie will be a non-persistent cookie.
This means that the cookie will live as long as the http client lives, and will not be saved to disk.

Returns:

the number of seconds to live or -1

setPath

public void setPath(java.lang.String path)

Set the path with which requests this cookie will be sent back to the server. The domain/path pair determines with which requests the cookie will be sent to the server.
Defaults to path the client requested when it got this cookie.
Example:
When a client receives a Cookie on requesting "/products/" then the path will be "/products/", and this Cookie will be attached to every request for "/products/" and any of its subdirectories.

Parameters:

path - the path

getPath

public java.lang.String getPath()

Gets the path for which requests this cookie will be attached. The domain/path pair determines with which requests the cookie will be sent to the server.
Example:
When a client receives a Cookie on requesting "/products/" then the path will be "/products/", and this Cookie will be attached to every request for "/products/" and any of its subdirectories.

Returns:

the path or null if not defined

setSecure

public void setSecure(boolean secure)

Whether only secure means (https) should be used when sending this cookie to a server.

Parameters:

secure - whether this cookie should be secure or not.

getSecure

public boolean getSecure()

Whether only secure means (https) should be used when sending this cookie to a server.

Returns:

whether this cookie should be secure or not

getName

public java.lang.String getName()

Get the name

Returns:

the Name

setValue

public void setValue(java.lang.String value)

Sets a new value.

Parameters:

value - The new value

getValue

public java.lang.String getValue()

Gets the value

Returns:

the Value

getVersion

public int getVersion()

Gets the version of this cookie. The current type of cookies have version = 1, according to rfc2109. There have been slightly different (netscape only) types of cookies, but these days everyone uses version 1. Fresh cookies however get a default version of 0, to improve interoperability.

Returns:

the version

setVersion

public void setVersion(int version)

Sets the version. The current type of cookies have version = 1, according to rfc2109. There have been slightly different (netscape only) types of cookies, but these days everyone uses version 1.

Parameters:

version - the version

clone

public java.lang.Object clone()

Clones the Cookie.

Overrides:

clone in class java.lang.Object

setHttpOnly

public void setHttpOnly(boolean isHttpOnly)

Marks or unmarks this cookie as HTTP-only. HTTP-only cookies are not supposed to be exposed to client side JavaScript.

Since:

3.0

See Also:

isHttpOnly

isHttpOnly

public boolean isHttpOnly()

Indicates whether this cookie has been marked as HTTP-only.

Since:

3.0

See Also:

setHttpOnly(boolean)