Thanks for your reply! My question regards on best practices on user authentication management. So, cookies is really the best choice, since my application offers authentication/authorization service, isnt it? Thanks again, Euclides.
-----Mensagem original----- De: Brett Neumeier [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 3 de julho de 2003 18:27 Para: 'Tomcat Users List' Assunto: RE: off-topic: please, help needed with cookie question Jose Euclides da Silva Junior wrote: > if any servlet generate a cookie object ( during http connection, > of course), so it will always store this cookie on the client > side ( the user' browser) , which called the servlet >( of course). Is it right? If yes, what happens if the browser > doesnt accept cookies? That's not exactly right. Servlets can't actually store cookies on the client; all they can do is return an HTTP response to the client. If a servlet creates a Cookie object and adds it to the HttpServletResponse, then the HTTP response sent to the client will include a "Set-Cookie" header. For example: public class MyServlet extends HttpServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) { // ... resp.addCookie(new Cookie("foo", "bar")); // ... } } When a GET request is received by this servlet, the HTTP response will contain a header like this: Set-Cookie: foo=bar Now, the rest of the question is, what does the client do as a result? There are two possibilities. First, if the client is configured to accept cookies, then future requests to this servlet will include a HTTP header like: Cookie: foo=bar The servlet container will parse this header line and make it available in the HttpServletRequest via the getCookies method. Second, if the client is NOT configured to accept cookies, then future requests to this servlet will not include the above HTTP header line, so the HttpServletRequest object's getCookies method will return an empty array. Does that make sense? Does that answer your question? Cheers, bn --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
