servlet可以更改另一个域的cookie [英] Can servlet change cookie of another domain
问题描述
我需要更改另一个域的Cookie值,我知道我们不能使用javascript。是否可以使用servlet?
我试着这样,但没有成功?是我错了吗?
我有两个web应用程序namly Cookie1和cookies2部署在localhost中的一个tomcat
cookie1应用程序的Servlet b
$ b
protected void doGet(HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException {
response.setContentType(text / html);
PrintWriter pw = response.getWriter();
// String Html =< HTML>< BODY> HI< / body>< / html>;
// pw.write(Html);
Cookie cookie = new Cookie(__ utmz,Arvind);
cookie.setDomain(http:// localhost:8080 / Cookie2);
cookie.setPath(/);
response.addCookie(cookie);
//response.getWriter().write(Html);
}
Cookie1应用程式Servlet b
$ b
protected void doGet(HttpServletRequest request,
HttpServletResponse response)throws ServletException,IOException {
System.out.println(CookieSetDm .doGet());
Cookie [] cookies = request.getCookies();
if(cookies!= null){
for(int i = 0; i< cookies.length; i ++){
System.out.println(cookies [i] .getName )+<>+ cookies [i] .getValue());
}
}
}
出于安全考虑,您无法使用托管在其他域上的servlet或JavaScript修改一个域的cookie。请参见 RFC 6265,第4.1.2.3节:
用户代理将拒绝cookie,除非域属性
指定了包含源服务器的cookie的范围。
例如,用户代理将接受来自
foo.example.com的具有Domain
属性example.com或foo.example.com的Cookie,但是用户代理不接受具有
Domain属性bar.example.com或baz.foo.example.com的Cookie。
但是你可以在servlet / script中设置一个cookie,然后在同一主机上的另一个servlet /脚本中读取/修改cookie。您可以甚至读取或修改在一个端口上运行的服务器上设置的Cookie来自在同一主机名/域的另一个端口上运行的服务器的相同主机名/域 - 因此您可以让Tomcat在同一服务器上的两个不同端口上运行,并在两者之间交换Cookie。
请注意,您在第一个示例中调用 setDomain 不正确 - Cookie的此字段需要一个域名称而不是完整的URL。所以调用应该看起来像这样:
cookie.setDomain(localhost);
另一个答案指出,某些浏览器会忽略 localhost ,所以你可能不想设置这个cookie的所有 - 这具有设置一个cookie的效果,只有返回到同一个主机设置它(大部分时间是你想要的)。
I need to change cookies value of another domain, I know that we can not do it using javascript. Is it possible using servlet ?
I am trying like this but no success? were am I going wrong? I have two web application namly Cookies1 and Cookies2 deployed in one tomcat in localhost
Servlet of cookie1 application
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter pw = response.getWriter();
// String Html = "<HTML><BODY>HI</body></html>";
// pw.write(Html);
Cookie cookie = new Cookie("__utmz", "Arvind");
cookie.setDomain("http://localhost:8080/Cookie2");
cookie.setPath("/");
response.addCookie(cookie);
//response.getWriter().write(Html);
}
Servlet of cookie1 application
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
System.out.println("CookieSetDm.doGet()");
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (int i = 0; i < cookies.length; i++) {
System.out.println(cookies[i].getName() + " <> "+ cookies[i].getValue());
}
}
}
You can't modify the cookies of one domain using a servlet or JavaScript hosted on another domain, for security reasons. See RFC 6265, section 4.1.2.3:
The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server. For example, the user agent will accept a cookie with a Domain attribute of "example.com" or of "foo.example.com" from foo.example.com, but the user agent will not accept a cookie with a Domain attribute of "bar.example.com" or of "baz.foo.example.com".
But you can set a cookie in a servlet/script and then read/modify the cookie in another servlet/script on the same host. You can even read or modify a cookie set on a server running on one port on the same hostname/domain from a server running on another port at the same hostname/domain - so you can have Tomcat running on two different ports on the same server and exchange cookies between the two.
Note that you're calling setDomain incorrectly in the first example - this field of the cookie takes a domain name and not a full URL. So the call should look like this:
cookie.setDomain("localhost");
As the other answer notes, some browsers ignore cookies for localhost, so you may want to not set this field of the cookie at all - this has the effect of setting a cookie that will only be returned to the same host that set it (which most of the time is what you want).
这篇关于servlet可以更改另一个域的cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
