If logging is all you're after, then I suggest writing an implemention of javax.servlet.Filter which wraps the supplied HttpServletResponse in a wrapper which allows you to expose the cookies after the filter executes. Something like this:
public class CookieLoggingFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException ,ServletException {
ResponseWrapper wrappedResponse = new ResponseWrapper((HttpServletResponse) response);
filterChain.doFilter(request, wrappedResponse);
// use a real logger here, naturally :)
System.out.println("Cookies: " + wrappedResponse.cookies);
}
private class ResponseWrapper extends HttpServletResponseWrapper {
private Collection<Cookie> cookies = new ArrayList<Cookie>();
public ResponseWrapper(HttpServletResponse response) {
super(response);
}
@Override
public void addCookie(Cookie cookie) {
super.addCookie(cookie);
cookies.add(cookie);
}
}
// other methods here
}
One big caveat: This will not show you what cookies are sent back to the browser, it will only show you which cookies the application code added to the response. If the container chooses to change, add to, or ignore those cookies (e.g. session cookies are handled by the container, not the application), you won't know using this approach. But that may not matter for your situation.
The only way to be sure is to use a browser plugin like Live Http Headers for Firefox, or a man-in-the-middle HTTP logging proxy.