 | |
IntroductionCookies are a way for data to be stored on the client side. It has been used extensively for personalization of portal sites, user preference tracking, or logging into web sites. For enterprise customers who are using cookies in their web sites, cookie support in Java Plug-in is essential to make deploying Java applets or JavaBeans easier. Cookie support allows applets or JavaBeans to access the web server by passing back the cookie that corresponds to the web server, so the state of the client side data can be preserved correctly. Java Plug-in provides uni-directional cookie support according to how the cookie policy is configured in the browser. This document specifies how cookie works in different browser environments. How Java Plug-in Supports CookiesJava Plug-in supports Internet Explorer and Netscape Navigator on various Win32 platforms and Solaris platforms, and Netscape Navigator on Linux platforms. Java Plug-in 1.3 provides cookie support by using the browser's application interface (API) to access cookie information. Because browsers on various platforms implement the browser's API differently, the cookie support in Java Plug-in varies in each platforms. You will want to know how each browser supports cookies and how Java Plug-in accesses the cookie information. When a browser needs to make an HTTP request through a URL connection, it will normally check the cookie cache and cookie policy to see if a cookie needs to be sent along with the HTTP request header. If so, the browser will read the cookie from the cache and append the cookie as part of the HTTP request header. When a browser processes the HTTP respond header through a URL connection, it will check the header to see if any cookies need to be set. The browser will also check the cookie policy to determine if the action is allowed. If so, it will extract the cookie from the HTTP respond header and write it into the cookie cache. Java Plug-in 1.3 provides cookie support by using the browser's application interface (API). Because of the limitation of the browser's API, Java Plug-in only provides uni-directional cookie support. In other words, Java Plug-in will be able to read cookie information from the browser and send it along with the HTTP request header, but it will not be able to write cookie information to the browser by extracting cookie information from the HTTP respond header. When an HTTP request is made using Java Plug-in, Java Plug-in will consult the browser to determine whether a cookie should be sent along. If so, the HTTP request will contain the cookie as part of the headers. Otherwise, the HTTP request will be sent with no cookie attached. However, it is different when a cookie needs to be set from the HTTP respond header in Java Plug-in. In this case, because of the browser's API limitation, the cookie in the HTTP header will not be allowed to be written back into the browser's cookie cache. There is another limitation when using cookie
support in Java Plug-in. When using Java Plug-in
in Netscape Navigator 3/4, cookie
support will work only if the
Cookies will only be sent in Java Plug-in for Netscape Navigator if these requirements are met. There is no such limitation in Java Plug-in for Internet Explorer. Cookies will always be sent properly. Currently, cookie support in Java Plug-in is triggered automatically when a HTTP connection needs to be made. HTTPS support in Java Plug-in 1.3 provides bi-directional cookie support. HTTPS is entirely implemented using the browser's API and cookies are handled automatically by the browser. To ensure cookie support in Java Plug-in will always work as expected, we recommend the following:
For more general information about how cookies work,
please consult the user guide of your browser. Cookie Policy Support in Java Plug-inJava Plug-in supports all cookie policies that are supported in both Internet Explorer and Netscape Navigator. The cookie policy can be configured in the user preference dialog in both browsers. Currently, four different kinds of cookie policies are supported:
When the cookie policy is changed in the browser, it will take effect the next time an HTTP connection needs to be made from Java Plug-in. To address the dynamic nature of cookies, Java Plug-in does not provide any cookie caching support. Instead, it will consult the browser every time an HTTP connection is made. As a result, the browser itself is the only place where the cookies are stored. Any change with the cookie in the browser will get reflected in Java Plug-in immediately when a new HTTP connection is made. For more information about the cookie policy
in your browser, please consult the user guide of
your browser. Cookies and Disk CachingJava Plug-in provides disk caching support
through the browser's API. It is triggered
whenever a .jar/.class file is downloaded through
HTTP. If disk caching support is triggered, the
file will be downloaded entirely by the browser.
As a result, cookie will be handled automatically
by the browser in this case. Cookies and SecurityAlthough cookies are sent when an HTTP connection is made in Java Plug-in, applets or beans have no access to this information even if the Java code is trusted. In addition, cookies are only sent back to the host and domain that it came from, and all the attribute/value pairs inside the cookie are extracted according to the cookie specification. For more information about the format of the
cookies, please consult the user guide of your
browser. ConclusionCustomers using cookies can take advantage
of the cookie support in Java Plug-in when
deploying Java applets or beans within their
enterprise. Java Plug-in recognizes and
works seamlessly in your enterprise environment
with your browser's cookie policy. More Information | ||||||||||||||||||
|
| ||||||||||||
Print-friendly Version
