How do you update an existing cookie in JSP?

Question

I have a cookie, myCookie, that contains a hash value. This cookie is set to expire in one year and has a path of '/'. I need to update this cookie with a new hash value. When my JSP script is loaded I retrieve the cookie like so:

Cookie[] cookies = request.getCookies();
Cookie myCookie = null;

for (int i = 0; i < cookies.length; i += 1) {
  if (cookies[i].getName().equals("myCookie")) {
    myCookie = cookies[i];
    break;
  }
}

After determining that the value of the cookie needs to be updated, I do the following to update it:

myCookie.setValue("my new value");
response.addCookie(myCookie);

Examining the results, I now have two instances of myCookie: the original version with the correct expiration date and path, and the old, invalid, value; and a new cookie named "myCookie" that expires at the end of the session, with the correct value, and a path of the JSP document.

If I do:

myCookie.setValue("my new value");
myCookie.setPath(myCookie.getPath());
myCookie.setMaxAge(myCookie.getMaxAge());
response.addCookies(myCookie);

The same thing happens. I get two cookies with the same name and different properties.

Does a Cookie object not retain the properties from when it was retrieved? How can I update this cookie?

Note: I do not want to modify the path or the expiration date. I only want to update the value of the already set cookie.

Answer 1

Per section 3.3.4 of RFC 2965, the user agent does not include the expiration information in the cookie header that is sent to the server. Therefore, there is no way to update an existing cookie's value while retaining the expiration date that was initially set based solely on the information associated with the cookie.

So the answer to this question is: you can't do that.

Answer 2

Just set the path, ex:

cookie.setPath("/");

This should overwrite the old cookie value.

Answer 3

If you are manipulating cookies from within a JSP, one thing you will need to watch out for is whether or not the response has already been committed. Once content is written to the output stream, adding a cookie to the response is futile.

ServletResponseWrapper.isCommitted()

Answer 4

def member = SecUser.get(userService.currentUser().id)
    def cookies = request.getCookies()
    def cookie;
    def sum = 0;
    def cookieSum = 0;
    def cookieItems;
    for(def i=0; i<cookies.size(); i++){
        if (cookies[i].name == 'c17'){
                cookie = cookies[i]
                cookieItems = cookie.value.split('-')
                println "cookieItems......."+cookieItems
                if(params.itemId != null){
                    for(def j=0; j<cookieItems.size(); j++){
                        def oldItem = cookieItems[j].split('\\|')[0]
                        if(params.itemId != oldItem){
                            sum = sum + 1
                        }
                    }//Below code for Update your cookie value
                if(sum == cookieItems.size()){
                    cookie.value = cookie.value +"-"+params.itemId+"|"+member.id
                    def b = cookie.value
                    cookie.setValue(b);
                    response.addCookie(cookie);

                }
                }
                break
          }
          else{
             cookieSum = cookieSum + 1
          }

     }
    if ((cookieSum) == cookies.size()){
        // Here ADD new cookie........
         def a = params.itemId+"|"+member.id
         cookie = new Cookie('c17',a.toString())
         cookie.path = '/'
         response.addCookie(cookie)
    }

The Above code can help you for ADD a cookie and UPDATE the cookie value

Answer 5

You can delete the old cookie, if the new one does not contain the same name, path, and domain by setting MaxAge to (0) http://download.oracle.com/javaee/1.3/api/javax/servlet/http/Cookie.html#setMaxAge(int)