The browser used for the experiment is Firefox, with the HttpFox add-on installed to sniff the HTTP traffic.
【Request】
(Request-Line) GET /HelloWorld/cookiebase.do HTTP/1.1
Host localhost:8080
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language zh-cn,zh;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
【Response】
(Status-Line) HTTP/1.1 200 OK
Server Apache-Coyote/1.1
Set-Cookie ssoSessionId=fa455d31-38d3-4fc5-bb09-b55ffce22ad5 (generated from a UUID)
(Note: although the server did not specify a domain, path or expiry when setting the cookie, the browser fills in default values:
Name          Value                                 Path  Domain          Expires
ssoSessionId  fa455d31-38d3-4fc5-bb09-b55ffce22ad5  /     localhost:8080  End Of Session (-1 means the cookie ends when the browser is closed)
Note: the browser has to manage cookies from many sites, so every cookie is tagged with a Domain that identifies the site it came from.
)
Transfer-Encoding chunked
Date Sat, 14 Feb 2009 08:31:23 GMT
==================================================
【Request】 (ssoSessionId is reset)
(Request-Line) GET /HelloWorld/cookiebase.do HTTP/1.1
Host localhost:8080
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language zh-cn,zh;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
Cookie ssoSessionId=fa455d31-38d3-4fc5-bb09-b55ffce22ad5 (the ssoSessionId saved from the previous response)
Cache-Control max-age=0
【Response】
(Status-Line) HTTP/1.1 200 OK
Server Apache-Coyote/1.1
Set-Cookie ssoSessionId=8d934ed9-e359-4d92-ba65-335fdc284322 (the server generated a fresh UUID; once the browser receives it, it overwrites the previous ssoSessionId)
Transfer-Encoding chunked
Date Sat, 14 Feb 2009 08:36:07 GMT
==========================================
The server deliberately sets the cookie with a bogus Domain and Path. This way, the browser
String newSsoId = generateID();
Cookie tCookie = new Cookie(SSO_SESSION_ID,newSsoId);
tCookie.setDomain(".cookie.fundamental");
tCookie.setPath("/cookie/path/");
First visit: http://localhost:8080/HelloWorld/cookiebase.do
【1. Request】
(Request-Line) GET /HelloWorld/cookiebase.do HTTP/1.1
Host localhost:8080
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language zh-cn,zh;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
【2. Response】
(Status-Line) HTTP/1.1 200 OK
Server Apache-Coyote/1.1
Set-Cookie ssoSessionId=67c4f682-2f20-4286-be88-d26f6fee6c54; Domain=.cookie.fundamental; Path=/cookie/path/
(Note: the browser does not accept a bogus Domain like this; Firefox's cookie manager shows no cookie at all for the domain .cookie.fundamental.
Guess: judging by the cookie RFC, the Domain and Path attributes are mainly meant for the browser's own use.)
Transfer-Encoding chunked
Date Sat, 14 Feb 2009 09:13:37 GMT
=============================================================
Persistent cookie: the cookie's MaxAge is set to one hour
【1. Request】
(Request-Line) GET /HelloWorld/cookiebase.do HTTP/1.1
Host localhost:8080
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language zh-cn,zh;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
【2. Response】
(Status-Line) HTTP/1.1 200 OK
Server Apache-Coyote/1.1
Set-Cookie ssoSessionId=8ddb8c01-a265-4b3f-a7b4-4feee80dbfc3; Expires=Sat, 14-Feb-2009 10:37:41 GMT
Transfer-Encoding chunked
Date Sat, 14 Feb 2009 09:37:41 GMT
Close the browser. Note: at the same time, the browser's cookie preference should be set to "keep cookies until they expire". After reopening it, we visit the same URL again.
【3. Request】
(Request-Line) GET /HelloWorld/cookiebase.do HTTP/1.1
Host localhost:8080
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language zh-cn,zh;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
Cookie ssoSessionId=ed6862c1-4c13-4527-93de-0c4a21e74060
【4. Response】
(Status-Line) HTTP/1.1 200 OK
Server Apache-Coyote/1.1
Set-Cookie ssoSessionId=9574abbf-35e3-43f9-8642-095644139aac; Expires=Sat, 14-Feb-2009 10:43:54 GMT
Transfer-Encoding chunked
Date Sat, 14 Feb 2009 09:43:54 GMT
(People often talk about a "persistent cookie", but that only means "the cookie can be persisted by the client; how long it persists depends on the MaxAge that was set, and MaxAge=-1 means the cookie is deleted as soon as the browser is closed". Note that in some browsers the cookie data can be edited: IE by editing the cookie files, Opera directly through its cookie manager.)
Set two cookies from the same site with different expiry times.
(Request-Line) GET /HelloWorld/cookiebase.do HTTP/1.1
Host localhost:8080
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language zh-cn,zh;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
The response to that request; afterwards we close the browser again and look at the next request.
(Status-Line) HTTP/1.1 200 OK
Server Apache-Coyote/1.1
Set-Cookie ssoSessionId=5daf8657-5cb0-4fcb-b01d-aef789360ac4; Expires=Sat, 14-Feb-2009 11:00:24 GMT
Set-Cookie quit=QUIT (the response header carries two Set-Cookie lines)
Transfer-Encoding chunked
Date Sat, 14 Feb 2009 10:00:24 GMT
Close the browser and check whether ssoSessionId is still kept while quit is gone.
(Request-Line) GET /HelloWorld/cookiebase.do HTTP/1.1
Host localhost:8080
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language zh-cn,zh;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
Cookie ssoSessionId=4bca407e-c50d-4a1d-9e66-7fdc886a6a51 (the quit cookie is gone)
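The three browser behaviours observed in the captures above (the default Domain/Path, the bogus Domain being dropped, and the session cookie `quit` vanishing on browser close while `ssoSessionId` survives until its Expires) all follow from the cookie storage rules later written down in RFC 6265. The following is an added example, not part of the original post or its servlet: a small Python cookie jar that applies those rules, in simplified form, to the Set-Cookie headers copied from the captures. Assumptions: the host is `localhost` (the port is not part of cookie scope), there is no public-suffix list and no Secure/HttpOnly handling, and the default path follows RFC 6265 (the request path up to its last `/`, i.e. `/HelloWorld`), which is narrower than the `/` that the Firefox 3 cookie manager shows above.

```python
# Added example, not the blog's own code: a simplified RFC 6265 cookie jar
# replaying the Set-Cookie headers captured above (no public-suffix list,
# no Secure/HttpOnly handling).
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class StoredCookie:
    name: str
    value: str
    domain: str
    host_only: bool              # True when no Domain attribute was sent
    path: str
    expires: Optional[datetime]  # None marks a session cookie

def parse_cookie_date(text):
    # accepts "Sat, 14-Feb-2009 10:37:41 GMT" as well as the RFC 1123 form with spaces
    return datetime.strptime(text.replace("-", " "), "%a, %d %b %Y %H:%M:%S GMT").replace(tzinfo=timezone.utc)

def default_path(request_path):
    # RFC 6265 5.1.4: the request path up to, but not including, its last "/"
    return request_path.rsplit("/", 1)[0] or "/"

def domain_matches(host, cookie_domain):
    # the host equals the cookie domain or is a subdomain of it
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def path_matches(request_path, cookie_path):
    if not request_path.startswith(cookie_path):
        return False
    return (request_path == cookie_path or cookie_path.endswith("/")
            or request_path[len(cookie_path)] == "/")

def parse_set_cookie(header, host, request_path, now):
    # returns the cookie the browser would store, or None if it must be ignored
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    expires = None
    if "max-age" in attrs:                      # Max-Age takes precedence over Expires
        expires = now + timedelta(seconds=int(attrs["max-age"]))
    elif "expires" in attrs:
        expires = parse_cookie_date(attrs["expires"])
    if attrs.get("domain"):
        domain, host_only = attrs["domain"].lstrip(".").lower(), False
        if not domain_matches(host, domain):    # the ".cookie.fundamental" case
            return None
    else:
        domain, host_only = host.lower(), True  # default: the request host itself
    path = attrs.get("path", "")
    if not path.startswith("/"):
        path = default_path(request_path)
    return StoredCookie(name, value, domain, host_only, path, expires)

class CookieJar:
    def __init__(self):
        self.cookies = []
    def receive(self, header, host, request_path, now):
        # store one Set-Cookie; a cookie with the same name/domain/path is replaced
        cookie = parse_set_cookie(header, host, request_path, now)
        if cookie is None:
            return False
        key = (cookie.name, cookie.domain, cookie.path)
        self.cookies = [c for c in self.cookies if (c.name, c.domain, c.path) != key]
        if cookie.expires is not None and cookie.expires <= now:
            return False                        # already expired: acts as a deletion
        self.cookies.append(cookie)
        return True
    def close_browser(self):
        # session cookies vanish; cookies with Expires/Max-Age are persisted
        self.cookies = [c for c in self.cookies if c.expires is not None]
    def cookie_header(self, host, request_path, now):
        # build the Cookie request header for a URL on this host
        sent = []
        for c in self.cookies:
            alive = c.expires is None or c.expires > now
            host_ok = host.lower() == c.domain if c.host_only else domain_matches(host, c.domain)
            if alive and host_ok and path_matches(request_path, c.path):
                sent.append(f"{c.name}={c.value}")
        return "; ".join(sent)

def replay_captures():
    host, path = "localhost", "/HelloWorld/cookiebase.do"
    now = datetime(2009, 2, 14, 10, 0, 24, tzinfo=timezone.utc)  # Date of the two-cookie response
    jar, out = CookieJar(), {}
    # capture 2: a new value for the same name overwrites the stored one
    jar.receive("ssoSessionId=fa455d31-38d3-4fc5-bb09-b55ffce22ad5", host, path, now)
    jar.receive("ssoSessionId=8d934ed9-e359-4d92-ba65-335fdc284322", host, path, now)
    out["overwritten"] = jar.cookie_header(host, path, now)
    # capture 3: a Domain that does not match the request host is ignored outright
    out["fake_domain_kept"] = jar.receive("ssoSessionId=67c4f682-2f20-4286-be88-d26f6fee6c54; "
                                          "Domain=.cookie.fundamental; Path=/cookie/path/", host, path, now)
    # last capture: one persistent and one session cookie in the same response
    jar.receive("ssoSessionId=5daf8657-5cb0-4fcb-b01d-aef789360ac4; Expires=Sat, 14-Feb-2009 11:00:24 GMT",
                host, path, now)
    jar.receive("quit=QUIT", host, path, now)
    out["before_close"] = jar.cookie_header(host, path, now)
    jar.close_browser()
    out["after_close"] = jar.cookie_header(host, path, now)
    out["after_expiry"] = jar.cookie_header(host, path, now + timedelta(hours=2))
    return out
```

Calling `replay_captures()` returns the Cookie header the jar would send at each step: only the newest `ssoSessionId` after the overwrite, `False` for the bogus-Domain cookie (it is never stored, so nothing is overwritten either), both cookies before the close, only `ssoSessionId` after it, and nothing once the Expires time has passed.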
============================
package com.eyesmore.sessiontracking;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CookieFundamental extends HttpServlet {

    private static final long serialVersionUID = -5446885073873015943L;

    private static final String SSO_SESSION_ID = "ssoSessionId";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // value the browser sent back, if any, from the previous response
        String oldSsoId = getCookieValue(SSO_SESSION_ID, request);
        // a fresh id is issued on every request, so the stored cookie is overwritten each time
        String newSsoId = generateID();
        Cookie tCookie = new Cookie(SSO_SESSION_ID, newSsoId);
        // tCookie.setDomain(".cookie.fundamental");
        // tCookie.setPath("/cookie/path/");
        tCookie.setMaxAge(60 * 60); // 1 hour; observe whether this cookie is persisted to disk when the browser exits
        response.addCookie(tCookie);

        Cookie quitCookie = new Cookie("quit", "QUIT");
        // quitCookie.setMaxAge(-1); the default is -1, meaning the cookie is deleted when the browser exits
        response.addCookie(quitCookie);

        PrintWriter writer = response.getWriter();
        if (oldSsoId != null) {
            writer.write("Cookie you sent: Name=" + SSO_SESSION_ID + " Value=" + oldSsoId + "<br>");
        } else {
            writer.write("No such a cookie named " + SSO_SESSION_ID + " you sent." + "<br>");
        }
        writer.write("Cookie you received: Name=" + SSO_SESSION_ID + " Value=" + newSsoId + "<br>");
        writer.flush();
    }

    private String generateID() {
        return UUID.randomUUID().toString();
    }

    // look up a cookie by name in the request; null when the browser did not send it
    private String getCookieValue(String name, HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(name)) {
                    return cookie.getValue();
                }
            }
        }
        return null;
    }
}