HttpServletRequest中得到的cookies除了name和value没有别的,别指望还有什么超时信息和路径。凭什么传给你?浪费带宽。
作废cookies不要从HttpServletRequest拿到cookies设置一个有效时间为0就可以,有的浏览器需要详细信息,否则不能生效,但是HttpServletRequest中得到的cookies是没有的。
cookies写入HttpServletResponse要在HttpServletResponse调用flush方法前,或在自动的flush前。因为浏览器接受数据是顺序的,head数据在body数据前。flush后数据就送出去了,再写head没有用了。
HttpServletResponse什么时候flush?那要看容器了,tomcat可以在server.xml文件中配置的,具体见:http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
The size (in bytes) of the buffer to be provided for input streams created by this connector. By default, buffers of 2048 bytes will be provided.
HttpServletResponse.sendRedirect(),HttpServletResponse.sendError(),
HttpServletResponse.flushBuffer(), PrintWriter.flush(), ServletOutputStream.flush(),会主动flush response或提交response。这个时候就无法写入cookie了。
cookie在浏览器中的数量和大小取决于浏览器,但是记住cookies的名字也算长度的。
两种输出方式:printwrite和ServletOutputStream都是有大小限制的,都可能自动flush,flush后都无法再写head。但是printwrite可以设置是否自动flush。
httponly根本不是w3c规范,是微软的,所以2.4以前的中没有,你可以自己加上这个参数。
Secure表示只有https的才能读取这个cookie。
以下的代码可以理解cookies变成head的过程:
/**
* Return the header name to set the cookie, based on cookie version.
*/
public static String getCookieHeaderName(int version) {
// TODO Re-enable logging when RFC2965 is implemented
// log( (version==1) ? "Set-Cookie2" : "Set-Cookie");
if (version == 1) {
// XXX RFC2965 not referenced in Servlet Spec
// Set-Cookie2 is not supported by Netscape 4, 6, IE 3, 5
// Set-Cookie2 is supported by Lynx and Opera
// Need to check on later IE and FF releases but for now...
// RFC2109
return "Set-Cookie";
// return "Set-Cookie2";
} else {
// Old Netscape
return "Set-Cookie";
}
}
// TODO RFC2965 fields also need to be passed
public static void appendCookieValue(StringBuilder buf, int version, String name, String value, String path,
String domain, String comment, int maxAge, boolean isSecure, boolean isHttpOnly) {
// Servlet implementation checks name
buf.append(name);
buf.append("=");
// Servlet implementation does not check anything else
version = maybeQuote2(version, buf, value, true);
// Add version 1 specific information
if (version == 1) {
// Version=1 ... required
buf.append("; Version=1");
// Comment=comment
if (comment != null) {
buf.append("; Comment=");
maybeQuote2(version, buf, comment);
}
}
// Add domain information, if present
if (domain != null) {
buf.append("; Domain=");
maybeQuote2(version, buf, domain);
}
// Max-Age=secs ... or use old "Expires" format
if (maxAge >= 0) {
if (version > 0) {
buf.append("; Max-Age=");
buf.append(maxAge);
}
// IE6, IE7 and possibly other browsers don't understand Max-Age.
// They do understand Expires, even with V1 cookies!
if (version == 0 || ALWAYS_ADD_EXPIRES) {
// Wdy, DD-Mon-YY HH:MM:SS GMT ( Expires Netscape format )
buf.append("; Expires=");
// To expire immediately we need to set the time in past
if (maxAge == 0) {
buf.append(ancientDate);
} else {
buf.append(OLD_COOKIE_FORMAT.get().format(new Date(System.currentTimeMillis() + maxAge * 1000L)));
}
}
} else {
// RFC2965 Discard
if (version > 0) {
buf.append("; Discard");
}
}
// Path=path
if (path != null) {
buf.append("; Path=");
if (version == 0) {
maybeQuote2(version, buf, path);
} else {
maybeQuote2(version, buf, path, ServerCookie.tspecials2NoSlash, false);
}
}
// Secure
if (isSecure) {
buf.append("; Secure");
}
// HttpOnly
if (isHttpOnly) {
buf.append("; HttpOnly");
}
}
979
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
