I realize that invoking setMaxAge(0) for a cookie causes the cookie to be deleted. But since such deletions obviously cannot be instantaneous, is it possible for a server to retrieve such a cookie during its next interaction with the client?

Avi Kak

The answer is yes. My answer is based on the following interesting observation I made concerning the lifespan of a cookie for which the server has invoked the setMaxAge method with zero argument:

Let's say your browser is pointing to a servlet that creates and deposits on the client side a cookie whose maximum age was set to zero by the server. The cookie will still be available for a short length of time after the server has processed the original browser request from the client. This can be checked by hitting the reload button on the client browser.
The practical implications of this observation are that there can be a measurable latency associated with the demise of a cookie for which the server has invoked setMaxAge(0). During this latency, the cookie is still available to the server for the next request from the client.

As my test example reveals, this latency is not caused by server-client propagation delays. This latency is between the moment a client receives notification that the cookie is to be deleted and the moment the client actually deletes the cookie.

I have tested this observation under the following conditions:

  1. A Solaris machine running Tomcat 3.1 as a stand-alone server and a Windows NT machine as a client on which the Netscape browser pointed to http://rvl2.ecn.purdue.edu:8080/test-suite/servlet/TestZeroLifespan
  2. On a Windows NT machine with the browser pointing to http://localhost:8080/test-suite/servlet/TestZeroLifespan
If you hit the reload button on the browser repeatedly, when the server successfully retrieves the cookie the client browser will show the following information output by the servlet:
   Cookie Information
   status retrieved  
and, when the server is not able to retrieve the cookie, you'll see just
   Cookie Information

Also, you'll see the following messages in the Tomcat window on the server side as you hit the reload button repeatedly on the client browser. Whether you see a 0 or a 1 for the number of cookies returned depends on whether or not the cookie is retrieved by the server.

      Number of cookies retrieved: 0
      Number of cookies retrieved: 1
      Number of cookies retrieved: 1
      Number of cookies retrieved: 0
      Number of cookies retrieved: 0
      Number of cookies retrieved: 0
      Number of cookies retrieved: 1
      Number of cookies retrieved: 1
      Number of cookies retrieved: 1

This output on the server side is a sampling from a particular run. The number of times 0's and 1's show up would vary from run to run.

Here is the code for the servlet:

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class TestZeroLifespan extends HttpServlet {

  public void doGet (HttpServletRequest request, HttpServletResponse response) 
           throws ServletException, IOException 
    Cookie cookie = new Cookie( "status", "retrieved" );

    cookie.setMaxAge( 0 );    


    response.addCookie( cookie );

    Cookie cookies[] = request.getCookies();

    System.out.println( "Number of cookies retrieved: " + cookies.length );    

    PrintWriter out = response.getWriter();
    out.println("<html>" +
      "<head><title>Cookie Information</title></head>" +
      "<body bgcolor="#FFFFFF">" +
      "<h1>Cookie Information</h1><table>");
    if (cookies != null) {
      for(int i=0, n=cookies.length; i < n; i++) {
        out.println ("<tr><td>" + cookies[i].getName() + "</td>");
        out.println ("<td>" + cookies[i].getValue() + "</td></tr>");
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



About | Sitemap | Contact
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.