
Servlet-defined Cookies

If you define your own cookies in a servlet, consider the following guidelines:

  • If you use a cookie that is transmitted over both HTTP and HTTPS, be aware that the AS Java listens on a different port for each of these request types. Because a cookie is associated with the host and port of the server it is sent to, the browser sends a different cookie for each of the two ports. You can prevent this by adding a domain attribute to your cookie.

  • Do not store a lot of parameters in a cookie. As an alternative, consider storing these parameters in a session.

  • Do not use cookies with the same name, even if they have different domain and path attributes. This may lead to unexpected behavior because you may not be able to distinguish between the two cookies in a client request: the browser generally does not send the cookies' attributes with the request, and it sends the cookies in a random order.

  • When you set HTML links or send a redirecting response (the value of the Location header) in your application, make sure that they all refer to the same host name and port. This is relevant when your AS Java uses the default HTTP port (80) for HTTP requests: if you use both http://hostname/ and http://hostname:80/ in your redirecting responses or HTML links, the browser treats them as different hosts and sends two different cookies, one in each case. Alternatively, you can change this browser behavior by setting a domain attribute on the cookie.
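
The following servlet applies the four guidelines above together. It is an added example, not code from the AS Java documentation; the class name, cookie name, domain, parameter names and redirect target are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: all names and values below are placeholders.
public class PreferenceServlet extends HttpServlet {
    private static final String COOKIE_NAME = "myapp_pref";     // one unique name per application
    private static final String COOKIE_DOMAIN = ".example.com"; // placeholder domain

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Cookie attributes are not part of the request, so two cookies with the
        // same name cannot be told apart here. Reject the request instead of guessing.
        if (hasDuplicateNames(req.getCookies())) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Ambiguous cookies");
            return;
        }

        // Keep the parameters in the session rather than in the cookie.
        req.getSession().setAttribute("theme", req.getParameter("theme"));
        req.getSession().setAttribute("pageSize", req.getParameter("pageSize"));

        // The cookie carries only a small marker. The domain attribute makes the
        // browser send the same cookie to the HTTP and HTTPS ports, but it also
        // sends it to every host in that domain, so keep the value non-sensitive.
        Cookie cookie = new Cookie(COOKIE_NAME, "1");
        cookie.setDomain(COOKIE_DOMAIN);
        cookie.setPath("/");
        cookie.setHttpOnly(true); // requires Servlet API 3.0 or later
        resp.addCookie(cookie);

        // A relative location is resolved against the current request, so the
        // redirect keeps the host name and port the browser already used.
        resp.sendRedirect(req.getContextPath() + "/home");
    }

    // Returns true if the request carries two or more cookies with the same name.
    static boolean hasDuplicateNames(Cookie[] cookies) {
        if (cookies == null) return false; // getCookies() returns null when no cookies were sent
        Set<String> seen = new HashSet<>();
        for (Cookie c : cookies) {
            if (!seen.add(c.getName())) return true;
        }
        return false;
    }
}
```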