Cookies

  • Slides: 11

What is a cookie
• Cookies are usually small text files, given ID tags, that are stored in your computer's browser directory or program data subfolders.
• A cookie is created by a web application that the user accesses.
• Each cookie is unique to the web application and the user.
• In a servlet, cookies are created using the request object.
• Cookies can be used to track and keep information about users who visit the web application or website.

Cookies and privacy issue
• Cookies are used to track user behaviour and visits.
• This violates the user's privacy.
• Nowadays websites are required to tell users about cookies and ask for their permission before cookies are used.

Cookie operations
• The servlet sends a simple name and value to the client browser's cookie storage.
• The client returns the same name and value when it connects to the same site (or the same domain, depending on cookie settings).
• Can be used to allow autologin or to detect a new user.
• Can be used to save the user's website preferences:
  • background color
  • website layout, etc.

Typical Uses of Cookies
• Identifying a user during an e-commerce session
• Avoiding username and password
• Customizing a site
• Focusing advertising
  • Google AdSense
  • targeted ads, by learning what websites the user visits, what they buy, etc.

Privacy and security issues
• Servers can remember your previous actions.
• If you give out personal information, servers can link that information to your previous actions.
• Servers can share cookie information through use of a cooperating third party like Google AdSense.
• Poorly designed sites store sensitive information like credit card numbers directly in cookies.
• JavaScript bugs let hackers steal cookies.

Servlet Cookies API
• Create a Cookie object.
  • Call the Cookie constructor with a cookie name and a cookie value, both of which are strings.

    Cookie c = new Cookie("userID", "a1234");

• Set the maximum age.
  • To tell the browser to store the cookie on disk instead of just in memory, use setMaxAge (the argument is in seconds).

    c.setMaxAge(60*60*24*7); // One week

• Place the Cookie into the HTTP response.
  • Use response.addCookie.
  • If you forget this step, no cookie is sent to the browser!

    response.addCookie(c);

Servlet Cookies API
• Retrieving cookies
  • request.getCookies() will return a cookie array.
  • Iterate the cookie array and print the cookie name and value.

    Cookie[] cookies = request.getCookies();
    // getCookies() returns null when the request carries no cookies
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            Cookie cookie = cookies[i];
            out.println(cookie.getName());
            out.println(cookie.getValue());
        }
    }

Servlet Cookies API
• Searching for a cookie
  • Direct access is not possible; you need to iterate the cookie array.

    String cookieName = "login";
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            Cookie cookie = cookies[i];
            // Print the value of the cookie whose name matches
            if (cookieName.equals(cookie.getName())) {
                out.println(cookie.getValue());
            }
        }
    }

Servlet Cookies API
• Deleting a cookie

    // Delete the cookie named "login"
    String cookieName = "login";
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            Cookie cookie = cookies[i];
            if (cookieName.equals(cookie.getName())) {
                cookies[i].setValue(null);
                cookies[i].setMaxAge(0); // a max age of 0 tells the browser to delete the cookie
                response.addCookie(cookies[i]);
            }
        }
    }
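
The "Privacy and security issues" slide and the create/delete steps above, combined in one added example (not part of the original slides): the "login" cookie holds only a random token, is flagged HttpOnly and Secure, and is deleted with a matching path. The class name, the "action" form parameter and the in-memory token map are assumptions made for illustration; it uses the javax.servlet API (Servlet 3.0 or later).

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.*;

// Added example (hypothetical class): the "login" cookie carries only a random token.
public class LoginCookieServlet extends HttpServlet {
    private static final String COOKIE_NAME = "login"; // cookie name used on the slides
    private static final SecureRandom RNG = new SecureRandom();
    // token -> user ID, kept on the server so nothing sensitive travels in the cookie
    private static final Map<String, String> SESSIONS = new ConcurrentHashMap<>();

    private static Cookie loginCookie(String value, int maxAgeSeconds) {
        Cookie c = new Cookie(COOKIE_NAME, value);
        c.setHttpOnly(true);  // not exposed to document.cookie, so page scripts cannot read it
        c.setSecure(true);    // only sent over HTTPS
        c.setPath("/");       // explicit path; the delete below must use the same one
        c.setMaxAge(maxAgeSeconds);
        return c;
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) {
        if ("logout".equals(request.getParameter("action"))) { // assumed form parameter
            Cookie[] cookies = request.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (COOKIE_NAME.equals(cookie.getName())) {
                        SESSIONS.remove(cookie.getValue()); // revoke on the server first
                    }
                }
            }
            // Request cookies carry only name and value, so build a fresh cookie
            // with the original path instead of re-adding the received object.
            response.addCookie(loginCookie("", 0));
            return;
        }
        // Assumption: authentication already succeeded; "a1234" is the slides' sample ID.
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SESSIONS.put(token, "a1234");
        response.addCookie(loginCookie(token, 60 * 60 * 24 * 7)); // one week
    }
}
```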