在Java servlet中，cookie.getMaxAge（）始终返回-1 [英] In Java servlet, cookie.getMaxAge() always returns -1

问题描述

如果我在将来设置一个带有setMaxAge（）的cookie，当我在后续请求中将cookie读回内存时，getMaxAge（）会给我一个-1。我已经通过Chrome的设置和检查员检查了实际的Cookie，并且我可以确认过期日期确实设置为60天。

If I set a cookie with a setMaxAge() well into the future, when I read the cookie back into memory in a subsequent request, the getMaxAge() gives me back a -1. I have checked the actual cookie via Chrome's settings, and inspector, and I can verify that the expiration date is indeed set 60 days in the future.

static public void setHttpCookie(HttpServletResponse response, String payload) {
    Cookie c = new Cookie(COOKIE_NAME, payload);
    c.setMaxAge(60*86400); // expire sixty days in the future
    c.setPath("/"); // this cookie is good everywhere on the site
    response.addCookie(c);
}

static public String checkForCookie(HttpServletRequest req) {
    Cookie[] cookies = req.getCookies();
    if ( cookies != null ) {
        for ( Cookie c : cookies ) {
            if ( COOKIE_NAME.equals(c.getName()) ) {
                int maxAge = c.getMaxAge();
                logger.debug("Read back cookie and it had maxAge of {}.", maxAge);
                String payload = c.getValue();
                return payload;
            }
        }
    }
    return null;
}

为什么c.getMaxAge（）总是返回-1？

Why does c.getMaxAge() always return -1?

推荐答案

浏览器不会发送路径和年龄等cookie属性。它只返回名称和值。如果最大年龄已过期，则浏览器无论如何都不会发送cookie。如果路径未被请求URI覆盖，则浏览器无论如何都不会发送cookie。

The browser does not send cookie attributes like path and age back. It only sends the name and the value back. If the max age is expired, then the browser won't send the cookie anyway. If the path is not covered by request URI, then the browser won't send the cookie anyway.

如果你真的需要确定cookie的年龄之后您已经设置了cookie，然后您应该在设置cookie时自己记住它，例如在数据库表中，与登录用户和cookie名称相关联。

If you really need to determine the cookie's age after you have set the cookie, then you should remember it yourself elsewhere at the moment you've set the cookie, such as in a database table, associated with the logged-in user and cookie name, for example.

此问题与Java / Servlet无关。这就是HTTP cookie的指定方式。您在其他Web编程语言中遇到完全相同的问题。另请参阅维基百科（强调我的）中的以下摘录。

This problem is unrelated to the Java/Servlets. It's just how HTTP cookie is specified. You'd have exactly the same problem in other web programming languages. See also the following extract from Wikipedia (emphasis mine).

Cookie属性

除了名称 - 值对，服务器还可以设置这些cookie属性：cookie域，路径，到期时间或最大年龄，安全标志和HttpOnly标志。 浏览器不会将cookie属性发送回服务器。他们只会发送cookie的名称 - 值对。浏览器使用Cookie属性来确定何时删除cookie，阻止cookie或是否向服务器发送cookie（名称 - 值对）。

Cookie attributes

Besides the name–value pair, servers can also set these cookie attributes: a cookie domain, a path, expiration time or maximum age, Secure flag and HttpOnly flag. Browsers will not send cookie attributes back to the server. They will only send the cookie’s name-value pair. Cookie attributes are used by browsers to determine when to delete a cookie, block a cookie or whether to send a cookie (name-value pair) to the servers.

这篇关于在Java servlet中，cookie.getMaxAge（）始终返回-1的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！