The JSP Files (part 6): State Of Grace
By Vikram Vaswani and Harish Kamath
This article copyright Melonfire 2000−2002. All rights reserved.
Table of Contents
A Perfect State.....................................................................................................................................................1
Wasted, Dude!.....................................................................................................................................................2
A Few Ground Rules..........................................................................................................................................3
Learning To Write..............................................................................................................................................4
...And Read..........................................................................................................................................................8
What's In A Name?...........................................................................................................................................10
Plan B.................................................................................................................................................................13
Session Dissection..............................................................................................................................................14
Access Denied....................................................................................................................................................16
The JSP Files (part 6): State Of Grace
i
A Perfect State
Over the past few weeks, you've learned a great deal about the various control structures and objects available
in JSP. You've see how to retrieve information posted in an online form, and connect your JSP document to a
database for dynamic content generation.
This week in The JSP Files, we're going to tackle yet another very interesting topic − the problem of
maintaining "state" on a Web site. We'll be looking at two common solutions to this problem − cookies and
server−based sessions − and using simple examples to illustrate the JSP constructs available to help you
identify and track client requests on your Web site.
You'll also learn more than you want to know about what exactly "maintaining state" actually means, the
advantages and disadvantages of each of the approaches just described...and, if we're doing our job right, get a
laugh or two out of the whole exercise.
A Perfect State 1
Wasted, Dude!
It's one of the things geeks say to each other when they want to impress the young women in earshot: "HTTP
is a stateless protocol, and the Internet is a stateless development environment". In simple language, all this
means is that the HyperText Transfer Protocol, which is the backbone of the Web, is unable to retain a

stored in the cookie. For example,
clarkkent=superman
The EXPIRES attribute defines the date on which the cookie is automatically removed from the system. The
date must be in the format "weekday, dd−mon−yy hh:mm:ss GMT". For example,
expires="Sun, 31−Dec−2030 17:51:06 GMT"
Cookies without a specifically defined expiry date remain active for so long as the browser remains open, and
are destroyed once the browser is closed. You can delete an existing cookie be setting this attribute to a date in
the past.
The PATH attribute is used to set the top−level directory on the Web server from which cookies can be
accessed. In most cases, this is set to
path=/
to ensure that the cookie can be accessed by each and every document on the server.
The DOMAIN attribute is used to specify the domain which the cookie is linked to, and the SECURE attribute
indicates that a cookie should only be set if there exists a secure protocol between the browser and the server.
4. Of all the five attributes, the first is the only one that is not optional.
5. Every good browser offers users the option to disable cookies. If a user decides to exercise his or her right
to do so, your cookies will not be stored, and any attempt to access them will fail. Users who do this are
usually career criminals or tax evaders.
A Few Ground Rules 3
Learning To Write...
Now, there are innumerable ways to go about creating and reading cookies on a client browser − you can use
Javascript, you can use PHP, you can use any of the wonderful programming languages out there. However,
our concern here is with JSP − so let's take a look at an example which demonstrates how to read and write a
cookie.
This is a simple hit counter which creates a cookie the first time the user visits the Web page, and then
increments the counter on each subsequent visit.
<%
// counter.jsp
// declare some variables
Cookie cookieCounter = null;

// store it in the cookie for future use
cookieCounter.setValue(tempString);
// set some other attributes
cookieCounter.setMaxAge(300);
cookieCounter.setPath("/");
// send cookie to client
response.addCookie(cookieCounter);
}
// if not found
else
{
// create a new cookie with counter 0
Cookie alpha = null;
alpha = new Cookie("counter", "0");
alpha.setMaxAge(300);
alpha.setPath("/");
response.addCookie(alpha);
}
%>
<html>
<head>
<basefont face="Arial">
</head>
<body>
<%
// display appropriate message
if (count > 0)
{
out.println("You have visited this page " + count + " time(s)!
Don't you

getValue() − returns the current value of the cookie
setPath(someURL) − sets the PATH attribute of a cookie to someURL
getPath() − returns the current value of the PATH attribute
setMaxAge(someSeconds) − sets the EXPIRES attribute of the cookie, in seconds
getMaxAge() − returns the current value of the EXPIRES attribute
The JSP Files (part 6): State Of Grace
Learning To Write... 6