Now let's take a look at Servlet Infrastructure. After this lesson you should be able to describe the purpose and behavior of cookies, demonstrate how cookies are passed via HTTP headers behind the scenes, and define at least one approach, we're actually going to look at two, for examining HTTP headers, and finally explain the URL rewriting as an option for cookies, like what do I do if people have cookies turned off in their browser. What are cookies? Cookies are simply name value strings sent from the server to the client. We're just going to be able to pass a little information and keep track a little bit of our clients as they're coming back. The browser will store a cookie in a memory and send it back to the server with each request. Notice the round trip. The response will initially send the name value pair from the server and then the browser will store that in memory and send it back to the server with each request. It's generally used to provide client specific customizations, things like search results or we can even use it to reuse customer's names or reference numbers or things like that just to make the experience with our server and our application a bit more personable, if you will. To do that as a programmer you're going to use the cookie class on the server side but they're actually sent behind the scenes as HTTP headers, and you can see some examples there. So a server would send the cookie to the client as a response header that looks something like this and then the client, aka browser, would send the cookie back to the server as a request header, something like that. Let's take a look at a response request header and see what's going on behind the scenes. This was our initial request, and you'll notice there's no cookie in this initial request, that's been sent to our server. Then the server responds but the server responds by, in this case, sending a cookie back to the client and then once that happens on the next request, the cookie is sent back to the server. You can see the value being sent back to the server there. How long do cookies live? Well, by default they live as long as the client, when the browser is gone, the cookies are gone, they just simply go away. But as a programmer, you can customize this via the max-age property of the cookie. In this case we can set the max age and this is represented by the number of seconds the cookie has to live, if you will. If it's a negative value, it will be exactly like the default behavior described above, when the browser quits the cookies are gone. If we put a zero in there, it'll actually delete the cookie, and we can also read the max age via the getMaxAge method as well, and by default it'll return negative one as we mentioned. However, what if the cookies age exceeds the lifetime of a browser, or put another way, what if we want the cookie to stick around after the browser is gone? The browser memory will get erased, so it stores the cookie locally in a file and all we have to do to make that happen is set the max age to a positive number. In this case typically people will set it to a year or something like that. But that's the reason that some cookies get persisted to a file. How do we do that? Well, first of all just to send a cookie over to a client, we use this basic code here. We instantiate a new cookie and we'll add a notice to the response, add cookie method will pass in our instance of a cookie. Now what if I want to store it in such a way that it outlives the browser session? Well, it's similar to before. We make a new cookie, put in our key value pairs, but this time we're going to set the max age to something longer and in this case this is one year or 365 days times 24 hours times 60 minutes times 60 seconds or the number of seconds in a year, so this cookie will then, once added to the response be stored on the client machine after the browser expires. Then how do we get them back? Well, this becomes a little bit trickier. While the requests will send it back to my server when that URL is requested, it is difficult to get the exact cookie. What we get is we get an array of cookies from that request and then we have to loop through them until we find the one we're interested in. In other words, there's no get cookie for a particular map key. The code looks something like this. We get our array of cookies. In this case we're going to create a little local variable name value here and make sure cookies is a null and then we're going to do a for each or loop through the cookies and if we find the one we want, in this case, we're calling it search results, so that cookie came back, then we will assign it to our local variable value and of course code on from there to use it as we need it. What about if people have cookies turned off? Because you are allowed to disable cookies in your browser, you may have done that yourself. If the Set-Cookie headers and the response are ignored we need another way to persist an idea across request. Well, we can modify each response to include identifying information in the URL, so basically we're making a query string that includes an idea of something. They look something like this and when we're processing requests we can retrieve that identifying info, "Hey we know that we sent you ID 45." That's the basic idea behind URL rewriting although it can get a little complex. Your container may be configured to automatically switch to URL rewriting if cookies are disabled. These days that can be the default for many containers even. For this to work you have to use the encode URL method in your response, so you'll notice here we doing an out dot print line but then we're saying response.encodeURL so that if the browser has cookies turned off, then URL rewriting will happen. If cookies are enabled, encode URL does nothing, same behavior as before. If cookies are disabled and URL rewriting is being used, the container will automatically add the identifying information to the URL. Do remember this won't work for static HTML pages because session IDs are generated at run-time and HTML pages are static. These are available in Java Server Pages which we'll look at a bit later, but just remember that URL rewriting won't work with static HTML pages.
