Cookie Support
This section covers the following topics:
Introduction
Cookies are a way of storing data on the client side. They have been used extensively for personalization of portal sites, user preference tracking, and logging into web sites. For enterprise customers using cookies in their web sites, cookie support in Java Plug-in facilitates deployment of client-side Java.
Cookie support allows a Java component to pass a cookie back to a web server if that cookie originated from the web server. This provides the server with information about the state of the client. Java Plug-in provides bidirectional cookie support.
How Java Plug-in Supports Cookies
Java Plug-in provides cookie support through the browser API. Because browsers on different platforms implement the browser's API differently, cookie support in Java Plug-in varies according to platform.
When a browser makes an HTTP/HTTPS request through a URL connection, it normally checks the cookie cache and policy to determine if a cookie should be sent along with the HTTP/HTTPS request header. If so, the browser will read the cookie from the cache and append the cookie as part of the HTTP/HTTPS request header.
When a browser processes the HTTP/HTTPS respond header through a URL connection, it will check the header to see if any cookies should be set. The browser also checks the cookie policy to determine if the action is allowed. If so, it will extract the cookie from the HTTP/HTTPS respond header and write it into the cookie cache.
When an HTTP/HTTPS request is made using Java Plug-in, Java Plug-in consults the browser to determine if a cookie should be sent along. If so, the HTTP/HTTPS request will contain the cookie as part of the header. Otherwise, the HTTP/HTTPS request will be sent with no cookie attached.
When a cookie needs to be set from the HTTP/HTTPS respond header, Java Plug-in uses the browser API to do so.
Cookie support in Java Plug-in is triggered transparently when an HTTP/HTTPS connection needs to be made.
Netscape 4 Limitation
When using Java Plug-in with Netscape 4, cookie support works only if the codebase is the same or a subdirectory of the document base. See examples in the table below:
Document Base Codebase Will It Work?http://host.com/my/ http://host.com/my/ Yes http://host.com/my/ http://host.com/my/page Yes http://host.com/my/page/ http://host.com/my/ No To ensure that cookie support in Java Plug-in always works as expected, the following is recommended:
- Use Internet Explorer or Netscape 6
- If use Netscape 4, avoid having your web server set cookies in an HTTP/HTTPS connection with an applet.
The above recommendations apply to an intranet environment, where deployment of browsers and web servers is controllable.
Cookie Policy Support in Java Plug-in
Java Plug-in supports all cookie policies that are supported in both Internet Explorer and Netscape Navigator. Cookie policy can be configured in both browsers (see your browser guide for details). There are various options, including the following:
- Always accept cookies
- Disable all cookie use
- Prompt/Warn before accepting a cookie
- Only accept cookies from a server if they get sent back to that server
When cookie policy is changed in the browser, it will take effect the next time an HTTP/HTTPS connection is made via Java Plug-in.
Java Plug-in does not provide cookie-caching support. Instead, it consults the browser every time an HTTP/HTTPS connection is made. Any change to a cookie in the browser is reflected immediately in Java Plug-in when a new HTTP/HTTPS connection is made.