Very few software features have caused as much public confusion and outcry as the HTTP cookie. Ethical and moral considerations aside, cookies allow a web server to store small amounts of data on client systems. Cookies are generally used to store basic user identification or configuration information. Because a cookie’s value can uniquely identify a client, cookies are often used for session tracking (although, as we’ll see shortly, the Servlet API provides higher-level support for this).
To create a cookie, the server (or, more precisely, a web
application running on the server) includes a
Cookie header with a specific value in an
HTTP response. The browser then transmits a similar header with that
value back to the server with subsequent requests, which are subject
to certain rules. The web application can use the cookie value to keep
track of a particular user, handle session tracking, and so forth.
header, the syntax for a cookie allows for multiple name/value pairs
in the overall cookie value.
The Servlet API includes a class,
javax.servlet.http.Cookie, that abstracts
cookie syntax and makes cookies easy to work with. In addition,
HttpServletResponse provides an
addCookie() method and
HttpServletRequest provides a
getCookies() method to aid in writing
cookies to and reading cookies from the HTTP headers, respectively. To
find a particular cookie, a servlet needs to read the entire
collection of values and look through it: