Menu
Simple question I think, but I just can't seem to find an answer.
I am writing a cookie in a Java Servlet with the Cookie class which is sent to the browser in the response headers like the following:
Set-Cookie: test=somevalue; Domain=.mydomain.org; Expires=Thu, 06-Jan-2011 18:45:20 GMT; Path=/
I am doing this via the Cookie class in the Servlet 2.5 API. I need to add "HTTPOnly" to the end of this String, which the Servlet 2.5 API does not support. No problem, I'll just create the String manually and append "HTTPOnly" to the end...
However, in doing so, the challenge I ran into is that to set the "Expires" header there in the first place, I used .setMaxAge(3600), which creates the "Expires" part of that String. However, since I can't use the Cookie class, I need to create the value of of that "Expires" portion.
So basically, how can I make "3600" formatted to "Thu, 06-Jan-2011 18:45:20 GMT"?
Note: I could probably figure out the correct pattern with DateFormat, but I was hoping there was a better way to do it. Another thought: Use the Cookie class as before then just convert the Cookie into the corresponding header string programatically, then just append "HTTPOnly" to the end. But I am not aware of any way to take the Cookie object and convert it to the corresponding String value.
So optionally, how can I take a Cookie object and convert it to the corresponding String value programatically?
Thanks!
914
You can extend the life of a cookie beyond the current browser session by setting an expiration date and saving the expiry date within the cookie. This can be done by setting the 'expires' attribute to a date and time.
To send cookies to the server, you need to add the "Cookie: name=value" header to your request. To send multiple Cookies in one cookie header, you can separate them with semicolons.
To set a cookie so it expires at the end of the browsing session, simply OMIT the expiration parameter altogether.
Set the cookie "Max-Age" attribute. A positive value indicates when the cookie should expire relative to the current time. A value of 0 means the cookie should expire immediately. A negative value results in no "Max-Age" attribute in which case the cookie is removed when the browser is closed.
Something like this :
Date expdate = new Date ();
expdate.setTime (expdate.getTime() + (3600 * 1000));
String cookieExpire = "expires=" + expdate.toGMTString();
...
.. and since toGMTString() is deprecated
Date expdate= new Date();
expdate.setTime (expdate.getTime() + (3600 * 1000));
DateFormat df = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", java.util.Locale.US);
df.setTimeZone(TimeZone.getTimeZone("GMT"));
String cookieExpire = "expires=" + df.format(expdate);
Java 8 now supplies an appropriate date formatter, DateTimeFormatter.RFC_1123_DATE_TIME:
OffsetDateTime oneHourFromNow
= OffsetDateTime.now(ZoneOffset.UTC)
.plus(Duration.ofHours(1));
String cookieExpires
= DateTimeFormatter.RFC_1123_DATE_TIME
.format(oneHourFromNow);
// E.g. "Tue, 8 Nov 2016 20:15:46 GMT"
This format is valid for the the expires attribute, see RFC 6265 § 4.1.1, which defines the format to be an RFC 1123 date:
expires-av = "Expires=" sane-cookie-date sane-cookie-date = <rfc1123-date, defined in [RFC2616], Section 3.3.1>
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
