Skip to Content Sun Java Solaris Communities My SDN Account

SDN Home > Products & Technologies > Java Technology > J2EE > JDBC >

Java Plug-in 1.2.2 Documentation

How Cookie Support Works in Java Plug-in

Print-friendly Version

Java Plug-in Home Page
Other Java Plug-in Documentation

- Introduction
- How Java Plug-in supports cookies
- Cookie policy support in Java Plug-in
- Cookies and disk caching
- Cookies and security
- Conclusion
- More Information

Introduction

Cookies are a way for data to on the client side. It has been used extensively for personalization of portal sites, user preference tracking, or logging into web sites. For enterprise customers who are using cookies in their web sites, cookie support in Java Plug-in is essential to make deploying Java applets or JavaBeans easier.

Cookie support allows applets or JavaBeans to access the web server by passing back the cookie that corresponds to the web server, so the state of the client side data can be preserved correctly. Java Plug-in provides uni-directional cookie support according to how the cookie policy is configured in the browser. This document specifies how cookie works in different browser environments.

How Java Plug-in Supports Cookies

Java Plug-in supports Internet Explorer and Netscape Navigator on various Win32 platforms and Solaris platforms. Java Plug-in 1.2.2 provides cookie support by using the browser's application interface (API) to access cookie information. Because browsers on various platforms implement the browser's API differently, the cookie support in Java Plug-in varies in each platforms. You will want to know how each browser supports cookies and how Java Plug-in accesses the cookie information.

When a browser needs to make an HTTP request through a URL connection, it will normally check the cookie cache and cookie policy to see if a cookie needs to be sent along with the HTTP request header. If so, the browser will read the cookie from the cache and append the cookie as part of the HTTP request header.

When a browser processes the HTTP respond header through a URL connection, it will check the header to see if any cookies need to be set. The browser will also check the cookie policy to determine if the action is allowed. If so, it will extract the cookie from the HTTP respond header and write it into the cookie cache.

Java Plug-in 1.2.2 provides cookie support by using the browser's application interface (API). Because of the limitation of the browser's API, Java Plug-in only provides uni-directional cookie support. In other words, Java Plug-in will be able to read cookie information from the browser and send it along with the HTTP request header, but it will not be able to write cookie information to the browser by extracting cookie information from the HTTP respond header.

When an HTTP request is made using Java Plug-in, Java Plug-in will consult the browser to determine whether a cookie should be sent along. If so, the HTTP request will contain the cookie as part of the headers. Otherwise, the HTTP request will be sent with no cookie attached.

However, it is different when a cookie needs to be set from the HTTP respond header in Java Plug-in. In this case, because of the browser's API limitation, the cookie in the HTTP header will not be allowed to be written back into the browser's cookie cache.

There is another limitation when using cookie support in Java Plug-in. When using Java Plug-in in Netscape Navigator, cookie support will work only if the document base of the HTML page is part of the codebase of the applets or JavaBeans. For example:

Document base	Codebase	Will it work?
http://host.com/my/	http://host.com/my/	Yes
http://host.com/my/	http://host.com/my/page	Yes
http://host.com/my/page/	http://host.com/my/	No

Cookies will only be sent in Java Plug-in for Netscape Navigator if these requirements are met. There is no such limitation in Java Plug-in for Internet Explorer. Cookies will always be sent properly.

Currently, cookie support in Java Plug-in is triggered automatically when a HTTP connection needs to be made.

HTTPS support in Java Plug-in 1.2.2 provides bi-directional cookie support. HTTPS is entirely implemented using the browser's API and cookies are handled automatically by the browser.

To ensure cookie support in Java Plug-in will always work as expected, we recommend the following:

make sure the document base is part of the codebase of the applet
make sure cookie policy is set correctly
your web server should not set cookies in the HTTP connection from the applet

For more general information about how cookies work, please consult the user guide of your browser.

Cookie Policy Support in Java Plug-in

Java Plug-in supports all cookie policies that are supported in both Internet Explorer and Netscape Navigator. The cookie policy can be configured in the user preference dialog in both browsers. Currently, four different kinds of cookie policies are supported:

Always accept cookies
Disable all cookie use
Prompt/Warn before accepting a cookie
Accept only cookies that get sent back from the originating server

When the cookie policy is changed in the browser, it will take effect the next time an HTTP connection needs to be made from Java Plug-in.

To address the dynamic nature of cookies, Java Plug-in does not provide any cookie caching support. Instead, it will consult the browser every time an HTTP connection is made. As a result, the browser itself is the only place where the cookies are stored. Any change with the cookie in the browser will get reflected in Java Plug-in immediately when a new HTTP connection is made.

For more information about the cookie policy in your browser, please consult the user guide of your browser.

Cookies and Disk Caching

Java Plug-in provides disk caching support through the browser's API. It is triggered whenever a .jar/.class file is downloaded through HTTP. If disk caching support is triggered, the file will be downloaded entirely by the browser. As a result, cookie will be handled automatically by the browser in this case.

Cookies and Security

Although cookies are sent when an HTTP connection is made in Java Plug-in, applets or beans have no access to this information even if the Java code is trusted. In addition, cookies are only sent back to the host and domain that it came from, and all the attribute/value pairs inside the cookie are extracted according to the cookie specification.

For more information about the format of the cookies, please consult the user guide of your browser.

Conclusion

Customers using cookies can take advantage of the cookie support in Java Plug-in when deploying Java applets or beans within their enterprise. Java Plug-in recognizes and works seamlessly in your enterprise environment with your browser's cookie policy.

More Information

Oracle is reviewing the Sun product roadmap and will provide guidance to customers in accordance with Oracle's standard product communication policies. Any resulting features and timing of release of such features as determined by Oracle's review of roadmaps, are at the sole discretion of Oracle. All product roadmap information, whether communicated by Sun Microsystems or by Oracle, does not represent a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. It is intended for information purposes only, and may not be incorporated into any contract.


	About Sun \| About This Site \| Newsletters \| Contact Us \| Employment \| How to Buy \| Licensing \| Terms of Use \| Privacy \| Trademarks © 2010, Oracle Corporation and/or its affiliates		A Sun Developer Network Site Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License. Sun Developer RSS Feeds