I realize that invoking setMaxAge(0) for a cookie causes the cookie to be deleted. But since such deletions obviously cannot be instantaneous, is it possible for a server to retrieve such a cookie during its next interaction with the client?
Created May 4, 2012
Let's say your browser is pointing to a servlet that creates and deposits on the client side a cookie whose maximum age was set to zero by the server. The cookie will still be available for a short length of time after the server has processed the original browser request from the client. This can be checked by hitting the reload button on the client browser.The practical implications of this observation are that there can be a measurable latency associated with the demise of a cookie for which the server has invoked setMaxAge(0). During this latency, the cookie is still available to the server for the next request from the client.
As my test example reveals, this latency is not caused by server-client
propagation delays. This latency is between the moment a client
receives notification that the cookie is to be deleted and the moment
the client actually deletes the cookie.
I have tested this observation under the following conditions:
Here is the code for the servlet:
If you hit the reload button on the browser repeatedly, when the server
successfully retrieves the cookie the client browser will show the following
information output by the servlet:
Cookie Information
and, when the server is not able to retrieve the cookie, you'll see just
status retrieved
Cookie Information
Also, you'll see the following messages in the Tomcat window on the
server side as you hit the reload button repeatedly on the client
browser. Whether you see a 0 or a 1 for the number of cookies returned
depends on whether or not the cookie is retrieved by the server.
Number of cookies retrieved: 0
Number of cookies retrieved: 1
Number of cookies retrieved: 1
Number of cookies retrieved: 0
Number of cookies retrieved: 0
Number of cookies retrieved: 0
Number of cookies retrieved: 1
Number of cookies retrieved: 1
Number of cookies retrieved: 1
....
....
This output on the server side is a sampling from a particular run.
The number of times 0's and 1's show up would vary from run to run.
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class TestZeroLifespan extends HttpServlet {
public void doGet (HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
Cookie cookie = new Cookie( "status", "retrieved" );
cookie.setMaxAge( 0 );
response.setContentType("text/html");
response.addCookie( cookie );
Cookie cookies[] = request.getCookies();
System.out.println( "Number of cookies retrieved: " + cookies.length );
PrintWriter out = response.getWriter();
out.println("<html>" +
"<head><title>Cookie Information</title></head>" +
"<body bgcolor="#FFFFFF">" +
"<h1>Cookie Information</h1><table>");
if (cookies != null) {
for(int i=0, n=cookies.length; i < n; i++) {
out.println ("<tr><td>" + cookies[i].getName() + "</td>");
out.println ("<td>" + cookies[i].getValue() + "</td></tr>");
}
}
out.println("</table></body></html>");
out.close();
}
}