Java Servlet/JSP Cookie Disconnect

views:

691

answers:

Java Servlet/JSP Cookie Disconnect

Hey guys.

I'm having a strange issue with cookie visibility between an authentication servlet and our actual jsp. We're using a servlet to authenticate that the user is a valid user, and if they are, we go ahead and add a cookie to the HttpServletResponse with their referer url (this is so that integrations can be redirected to their own login page on logout). Logout operations go through the same servlet, and the cookie is retrieved, and the user directed back to the stored cookie url. This all works.

However, within my site, if I print out the cookies pulled through the pageContext.getRequest().getCookies() [Or through firebug's console] I do not find the cookie I stored at all. There's literally no trace of it. Yet, when you click the logout link, and are directed back to the authentication servlet, the cookie is found, and the redirect followed accordingly.

The thing is, I need to handle timeout operations in the same ways as logouts, but the timeout check is external to the servlet, in a jsp tag. Since the timeout can't find the cookie, it's just using the standard timout page, which the integrating customer wouldn't want to see.

Any ideas what's going on here?

[ANSWER] It turned out to be a path issue. I know I didn't paste any code, but I was creating the cookie without setting a path, so the cookie was only visible within the servlet directory. Once I set a path of "/" the cookie was visible throughout the site.

+1 A:

When you say "within my site", does that mean that your site is deployed on a different (sub) domain? Cookies by default are only visible to host they were set from, meaning cookie that was set from "www.example.com" will not be visible to "other.example.com". You can get around that by explicitly specifying cookie domain to be common for both (e.g. "example.com").

ChssPly76 2009-07-16 18:39:56

No, it's all on the same domain. the servlet resides in its own directory though, while the jsp pages are served out of root

Gopherkhan 2009-07-16 18:56:48

+1 A:

How are you doing this redirect?

RequestDispatcher's forward method takes request and response objects, presumably the ones you were already working with. This means that the request object is the same HttpServletRequest object that you were dealing with in the Servlet.

R. Bemrose 2009-07-16 19:00:02

I'm actually using HttpServletResponse's sendRedirect(...). So I'd use that in the servlet to redirect to the main site after authenticating and storing the cookie? I'll try it out.

Gopherkhan 2009-07-16 19:08:00

Awesome. That worked. Thanks.

Gopherkhan 2009-07-16 19:22:17

However, going to any subsequent page, even without a redirect, loses the cookie... Still working on that part.

Gopherkhan 2009-07-16 21:58:05

Actually, it turned out to be a path issue. I know I didn't paste any code, but I was creating the cookie without setting a path, so the cookie was only visible within the servlet directory. Once I set a path of "/" the cookie was visible throughout the site.

Gopherkhan 2009-07-21 16:05:24

ansaurus

tags:

views:

answers:

Java Servlet/JSP Cookie Disconnect

related questions