HttpSession之Cookie

参考连接：https://www.studytonight.com/servlet/storing-session-using-cookies.php

• Cookie are small pieces of information that are sent in response from the web server to the client. 
• Cookie are the simplest technique used for storing client state.
• Cookie are stored on client's computer. They have a lifespan and are destroyed by the client browser at the end of that lifespan.

即Cookie是web container生成的，存储一小块信息，是web container经过response返回给client的，Cookie存储在client的浏览器中，它有个存活时间，到时间了就会被浏览器销毁。

Cookie有个缺点就是，若是Cookie被存储在浏览器中了，那么它是不能被修改的，由于浏览器不容许修改Cookie。

public class Cookie implements Cloneable, Serializable {

    private static final long serialVersionUID = -6454587001725327448L;

    private static final String TSPECIALS;

    private static final String LSTRING_FILE =
        "javax.servlet.http.LocalStrings";

    private static ResourceBundle lStrings =
        ResourceBundle.getBundle(LSTRING_FILE);

    static {
        if (Boolean.valueOf(System.getProperty("org.glassfish.web.rfc2109_cookie_names_enforced", "true"))) {
            TSPECIALS = "/()<>@,;:\\\"[]?={} \t";
        } else {
            TSPECIALS = ",; ";
        }
    }
    
    //
    // The value of the cookie itself.
    //
    
    private String name;	// NAME= ... "$Name" style is reserved
    private String value;	// value of NAME

    //
    // Attributes encoded in the header's cookie fields.
    //
    
    private String comment;	// ;Comment=VALUE ... describes cookie's use
				// ;Discard ... implied by maxAge < 0
    private String domain;	// ;Domain=VALUE ... domain that sees cookie
    private int maxAge = -1;	// ;Max-Age=VALUE ... cookies auto-expire
    private String path;	// ;Path=VALUE ... URLs that see the cookie
    private boolean secure;	// ;Secure ... e.g. use SSL
    private int version = 0;	// ;Version=1 ... means RFC 2109++ style
    private boolean isHttpOnly = false;

                                       图1 servlet-3.0.1 中的Cookie属性，支持HTTP/1.0和HTTP/1.1

    Cookie中的name，多个Cookie时，name容许重复，可是这个value是全局惟一的，这个value的值就是咱们平时所说的HttpSession ID。

下面的图2是在Chrome中截图的：

                                                      图2 Chrome中截的Cookie信息

下面的图3，原图地址。

                                图3  建立Cookie、设置属性

在Servlet中，能够在HttpServletResponse中经过addcookie()方法添加Cookie到response中，将cookie返回给client的browser。

在Servlet中，能够在HttpServletRequest中，经过getCookies()方法，得到全部的Cookie。

来看下Tomcat8中，HttpServletResponse的addCookie()是怎么实现的，具体能够看下org.apache.catalina.connector.Response的实现，以下图4所示：

@Override
    public void addCookie(final Cookie cookie) {

        // Ignore any call from an included servlet
        if (included || isCommitted()) {
            return;
        }

        String header = generateCookieString(cookie);
        //if we reached here, no exception, cookie is valid
        // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
        // RFC2965 is not supported by browsers and the Servlet spec
        // asks for 2109.
        addHeader("Set-Cookie", header);
    }

                                               图4 HttpServletResponse的addCookie方法   

     在generateCookieString(cookie)中，会将Cookie中的属性拼接为String类型，以后经过addHeader("Set-Cookie", header)，将Cookie信息放入Response的Header。

     HttpServletResponse的addCookie(Cookie)能够被屡次调用，这样就能够设置多个Cookie到同一个Response中。