CODEWITHSUNDEEP
javacookiesbrowsersession-cookies
Abhishek
Abhishek

Reputation: 462

Why browser is able to view a cookie with max age 0 and programming language is not?

Why is that a browser is able to view a expired cookie but if you want to access the same with programming language it is unable to access?

If the cookie has expired then why it is visible in browser, all the data and information is also visible. But same cant be achieved with programming.

Somewhere I think it is a newbie question but i wanted to know the functionality behind how our code access a cookie and how a browser access a cookie.

Note :- Please explain in detail with valid examples.

Controller :-

Cookie ck =  new Cookie("data", "data");
ck.maxAge = 0;
response.addCookie(ck);

And the response recieved by the page :-

<% for(coki in request.getCookies()){
    System.out.println(coki.name);
    System.out.println(coki.value);
    } %>

Upvotes: 5

Views: 2761

Answers (2)

Joeri Hendrickx
Joeri Hendrickx

Reputation: 17445

Your controller is adding the cookie to the response, but in your page you're trying to read it from the request.

(I'm assuming here your controller is backing that same page)

You will see it in the browser because the browser receives the cookie in the response. If you want to visualize it in the page, you would need to get them from the response. But there's no getCookies method on the response since that is not how they're supposed to be used.

Browser                   Page                    Controller
   | --------req------------+------------------------>|
   |                        |                         | {controller adds cookie to response}
   |                        |<-----req,res+cookie-----|
   |                        |                         | {page renders cookies from request}
   |                        |                         | {but there are none}
   |<------res+cookie-------|                         |
   |                        |                         |
   |--------req#2-----------+------------------------>| {subsequent requests arrive without
                                                         cookie since it expired}

Upvotes: 2

Jesus Zavarce
Jesus Zavarce

Reputation: 1759

This is normal, generally when a cookie has expired, the browser does not send that particular cookie to the server with the page request. The expired cookie is deleted and depending on the browser and the user's personal settings you could see or not this cookie. Take in mind that client can configure the browser in such a way that the cookie persists, even if it's expired.

As @Joeri Hendrickx said, you add the cookie to the response. That is normal, you should use the response object to create the response.

Normally, when you send your page to the server the request contain the cookies.

But you are setting this cookie with maxAge = 0and when the browser send again your page, it doesn't send this cookie with the request because the cookie has expired. So your object request not contain the cookie data.

For this reason you can't view this cookie in your programming language.

If you set an expiration time on a cookie, it expires at that time, not when the browser as closed. The browser isn't going to send you back an expired cookie, even if it was just set immediately before.

Setting the expiration in the past is a common method to delete a cookie that already exists with the same name. If a cookie has expired... it's expired. It gets thrown out, not sent to the server.

If you want to get the cookie back, set an expiration in the future.

Upvotes: 1

Related Questions