tessl/maven-javax-servlet--javax-servlet-api
Java Servlet API specification defining core interfaces and classes for web application development
—
Pending
session-cookies.mddocs/
Session Management and Cookies
The Java Servlet API provides comprehensive support for HTTP session management and cookie handling. This includes session lifecycle management, various session tracking modes, cookie configuration, and security considerations for state management.
HttpSession Interface
/**
* Interface representing an HTTP session between a client and server.
* Provides a way to identify a user across multiple requests and store
* user-specific information across those requests.
*/
public interface HttpSession {
/**
* Get the time when this session was created (milliseconds since epoch).
*/
long getCreationTime();
/**
* Get the unique session identifier.
*/
String getId();
/**
* Get the last time the client sent a request with this session ID.
*/
long getLastAccessedTime();
/**
* Get the servlet context for this session.
*/
ServletContext getServletContext();
/**
* Set the maximum time interval (seconds) between client requests
* before the session is invalidated.
*/
void setMaxInactiveInterval(int interval);
/**
* Get the maximum time interval (seconds) between client requests
* before the session is invalidated.
*/
int getMaxInactiveInterval();
/**
* Get the session context (deprecated).
*/
@Deprecated
HttpSessionContext getSessionContext();
/**
* Get the value of an attribute stored in this session.
*/
Object getAttribute(String name);
/**
* Get the value of an attribute (deprecated).
*/
@Deprecated
Object getValue(String name);
/**
* Get an enumeration of all attribute names in this session.
*/
Enumeration<String> getAttributeNames();
/**
* Get all attribute names (deprecated).
*/
@Deprecated
String[] getValueNames();
/**
* Store an attribute in this session.
*/
void setAttribute(String name, Object value);
/**
* Store a value in this session (deprecated).
*/
@Deprecated
void putValue(String name, Object value);
/**
* Remove an attribute from this session.
*/
void removeAttribute(String name);
/**
* Remove a value from this session (deprecated).
*/
@Deprecated
void removeValue(String name);
/**
* Invalidate this session and unbind all objects stored in it.
*/
void invalidate();
/**
* Check if this session is new (client hasn't acknowledged it yet).
*/
boolean isNew();
}Cookie Class
/**
* Class representing an HTTP cookie.
* Implements Cloneable and Serializable for cookie management.
*/
public class Cookie implements Cloneable, Serializable {
private String name;
private String value;
private String comment;
private String domain;
private int maxAge = -1;
private String path;
private boolean secure;
private int version = 0;
private boolean httpOnly = false;
/**
* Create a cookie with the specified name and value.
*/
public Cookie(String name, String value) {
if (name == null || name.length() == 0) {
throw new IllegalArgumentException("Cookie name cannot be null or empty");
}
this.name = name;
this.value = value;
}
/**
* Set the comment describing the purpose of this cookie.
*/
public void setComment(String purpose) {
comment = purpose;
}
/**
* Get the comment describing the purpose of this cookie.
*/
public String getComment() {
return comment;
}
/**
* Set the domain for which this cookie is valid.
*/
public void setDomain(String domain) {
this.domain = domain.toLowerCase();
}
/**
* Get the domain for which this cookie is valid.
*/
public String getDomain() {
return domain;
}
/**
* Set the maximum age of this cookie in seconds.
* -1 indicates the cookie will persist until browser shutdown.
* 0 deletes the cookie immediately.
*/
public void setMaxAge(int expiry) {
maxAge = expiry;
}
/**
* Get the maximum age of this cookie in seconds.
*/
public int getMaxAge() {
return maxAge;
}
/**
* Set the path on the server to which the browser returns this cookie.
*/
public void setPath(String uri) {
path = uri;
}
/**
* Get the path on the server to which the browser returns this cookie.
*/
public String getPath() {
return path;
}
/**
* Set whether this cookie should only be sent over secure connections.
*/
public void setSecure(boolean flag) {
secure = flag;
}
/**
* Check if this cookie should only be sent over secure connections.
*/
public boolean getSecure() {
return secure;
}
/**
* Get the name of this cookie.
*/
public String getName() {
return name;
}
/**
* Set the value of this cookie.
*/
public void setValue(String newValue) {
value = newValue;
}
/**
* Get the value of this cookie.
*/
public String getValue() {
return value;
}
/**
* Get the version of the cookie protocol this cookie uses.
*/
public int getVersion() {
return version;
}
/**
* Set the version of the cookie protocol this cookie uses.
*/
public void setVersion(int v) {
version = v;
}
/**
* Set whether this cookie is HTTP only (not accessible via JavaScript).
*/
public void setHttpOnly(boolean httpOnly) {
this.httpOnly = httpOnly;
}
/**
* Check if this cookie is HTTP only.
*/
public boolean isHttpOnly() {
return httpOnly;
}
/**
* Create a copy of this cookie.
*/
public Object clone() {
try {
return super.clone();
} catch (CloneNotSupportedException e) {
throw new RuntimeException(e.getMessage());
}
}
}Session Tracking Modes
/**
* Enumeration of supported session tracking modes.
*/
public enum SessionTrackingMode {
/**
* Session tracking via HTTP cookies.
*/
COOKIE,
/**
* Session tracking via URL rewriting (appending session ID to URLs).
*/
URL,
/**
* Session tracking via SSL session ID.
*/
SSL
}SessionCookieConfig Interface
/**
* Interface for configuring session cookies.
* Allows programmatic configuration of session cookie properties.
*/
public interface SessionCookieConfig {
/**
* Set the name for session cookies created by the associated ServletContext.
*/
void setName(String name);
/**
* Get the name for session cookies.
*/
String getName();
/**
* Set the domain for session cookies.
*/
void setDomain(String domain);
/**
* Get the domain for session cookies.
*/
String getDomain();
/**
* Set the path for session cookies.
*/
void setPath(String path);
/**
* Get the path for session cookies.
*/
String getPath();
/**
* Set the comment for session cookies.
*/
void setComment(String comment);
/**
* Get the comment for session cookies.
*/
String getComment();
/**
* Set whether session cookies should be HTTP only.
*/
void setHttpOnly(boolean httpOnly);
/**
* Check if session cookies are HTTP only.
*/
boolean isHttpOnly();
/**
* Set whether session cookies should be secure (HTTPS only).
*/
void setSecure(boolean secure);
/**
* Check if session cookies are secure.
*/
boolean isSecure();
/**
* Set the maximum age for session cookies.
*/
void setMaxAge(int maxAge);
/**
* Get the maximum age for session cookies.
*/
int getMaxAge();
}Session Management Examples
Basic Session Usage
/**
* Servlet demonstrating basic session management
*/
@WebServlet("/session-demo")
public class SessionDemoServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// Get or create session
HttpSession session = request.getSession();
// Get visit counter
Integer visitCount = (Integer) session.getAttribute("visitCount");
if (visitCount == null) {
visitCount = 0;
}
visitCount++;
// Store updated count
session.setAttribute("visitCount", visitCount);
session.setAttribute("lastVisit", new Date());
// Get user info if available
String username = (String) session.getAttribute("username");
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head><title>Session Demo</title></head>");
out.println("<body>");
out.println("<h1>Session Information</h1>");
out.println("<p>Session ID: " + session.getId() + "</p>");
out.println("<p>Visit Count: " + visitCount + "</p>");
out.println("<p>Session Created: " + new Date(session.getCreationTime()) + "</p>");
out.println("<p>Last Accessed: " + new Date(session.getLastAccessedTime()) + "</p>");
out.println("<p>Max Inactive Interval: " + session.getMaxInactiveInterval() + " seconds</p>");
if (username != null) {
out.println("<p>Welcome back, " + username + "!</p>");
} else {
out.println("<p>You are not logged in.</p>");
out.println("<a href=\"/login\">Login</a>");
}
out.println("<p>Session Attributes:</p>");
out.println("<ul>");
Enumeration<String> attributeNames = session.getAttributeNames();
while (attributeNames.hasMoreElements()) {
String name = attributeNames.nextElement();
Object value = session.getAttribute(name);
out.println("<li>" + name + " = " + value + "</li>");
}
out.println("</ul>");
out.println("</body>");
out.println("</html>");
}
}Shopping Cart Session Example
/**
* Shopping cart servlet using session storage
*/
@WebServlet("/cart/*")
public class ShoppingCartServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String action = getAction(request);
HttpSession session = request.getSession();
switch (action) {
case "view":
viewCart(session, response);
break;
case "clear":
clearCart(session, response);
break;
default:
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid action");
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String action = getAction(request);
HttpSession session = request.getSession();
switch (action) {
case "add":
addToCart(request, session, response);
break;
case "remove":
removeFromCart(request, session, response);
break;
case "update":
updateCartItem(request, session, response);
break;
default:
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid action");
}
}
private String getAction(HttpServletRequest request) {
String pathInfo = request.getPathInfo();
return pathInfo != null ? pathInfo.substring(1) : "view";
}
private void viewCart(HttpSession session, HttpServletResponse response)
throws IOException {
Map<String, CartItem> cart = getCart(session);
response.setContentType("application/json;charset=UTF-8");
PrintWriter out = response.getWriter();
out.println("{");
out.println(" \"sessionId\": \"" + session.getId() + "\",");
out.println(" \"itemCount\": " + cart.size() + ",");
out.println(" \"items\": [");
boolean first = true;
for (CartItem item : cart.values()) {
if (!first) out.println(",");
out.println(" {");
out.println(" \"productId\": \"" + item.getProductId() + "\",");
out.println(" \"name\": \"" + item.getName() + "\",");
out.println(" \"price\": " + item.getPrice() + ",");
out.println(" \"quantity\": " + item.getQuantity());
out.println(" }");
first = false;
}
out.println(" ],");
out.println(" \"total\": " + calculateTotal(cart));
out.println("}");
}
private void addToCart(HttpServletRequest request, HttpSession session,
HttpServletResponse response) throws IOException {
String productId = request.getParameter("productId");
String name = request.getParameter("name");
String priceStr = request.getParameter("price");
String quantityStr = request.getParameter("quantity");
if (productId == null || name == null || priceStr == null) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing parameters");
return;
}
try {
double price = Double.parseDouble(priceStr);
int quantity = quantityStr != null ? Integer.parseInt(quantityStr) : 1;
Map<String, CartItem> cart = getCart(session);
CartItem existingItem = cart.get(productId);
if (existingItem != null) {
existingItem.setQuantity(existingItem.getQuantity() + quantity);
} else {
cart.put(productId, new CartItem(productId, name, price, quantity));
}
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write("{\"status\":\"success\",\"message\":\"Item added to cart\"}");
} catch (NumberFormatException e) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid number format");
}
}
private void removeFromCart(HttpServletRequest request, HttpSession session,
HttpServletResponse response) throws IOException {
String productId = request.getParameter("productId");
if (productId == null) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing productId");
return;
}
Map<String, CartItem> cart = getCart(session);
cart.remove(productId);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write("{\"status\":\"success\",\"message\":\"Item removed from cart\"}");
}
private void updateCartItem(HttpServletRequest request, HttpSession session,
HttpServletResponse response) throws IOException {
String productId = request.getParameter("productId");
String quantityStr = request.getParameter("quantity");
if (productId == null || quantityStr == null) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing parameters");
return;
}
try {
int quantity = Integer.parseInt(quantityStr);
Map<String, CartItem> cart = getCart(session);
CartItem item = cart.get(productId);
if (item != null) {
if (quantity <= 0) {
cart.remove(productId);
} else {
item.setQuantity(quantity);
}
}
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write("{\"status\":\"success\",\"message\":\"Cart updated\"}");
} catch (NumberFormatException e) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid quantity");
}
}
private void clearCart(HttpSession session, HttpServletResponse response)
throws IOException {
session.removeAttribute("cart");
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write("{\"status\":\"success\",\"message\":\"Cart cleared\"}");
}
@SuppressWarnings("unchecked")
private Map<String, CartItem> getCart(HttpSession session) {
Map<String, CartItem> cart = (Map<String, CartItem>) session.getAttribute("cart");
if (cart == null) {
cart = new ConcurrentHashMap<>();
session.setAttribute("cart", cart);
}
return cart;
}
private double calculateTotal(Map<String, CartItem> cart) {
return cart.values().stream()
.mapToDouble(item -> item.getPrice() * item.getQuantity())
.sum();
}
// Helper class for cart items
public static class CartItem implements Serializable {
private String productId;
private String name;
private double price;
private int quantity;
public CartItem(String productId, String name, double price, int quantity) {
this.productId = productId;
this.name = name;
this.price = price;
this.quantity = quantity;
}
// Getters and setters
public String getProductId() { return productId; }
public String getName() { return name; }
public double getPrice() { return price; }
public int getQuantity() { return quantity; }
public void setQuantity(int quantity) { this.quantity = quantity; }
}
}Cookie Management Examples
/**
* Servlet demonstrating comprehensive cookie management
*/
@WebServlet("/cookie-manager")
public class CookieManagerServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String action = request.getParameter("action");
switch (action != null ? action : "view") {
case "view":
viewCookies(request, response);
break;
case "set":
setCookie(request, response);
break;
case "delete":
deleteCookie(request, response);
break;
default:
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid action");
}
}
private void viewCookies(HttpServletRequest request, HttpServletResponse response)
throws IOException {
Cookie[] cookies = request.getCookies();
response.setContentType("application/json;charset=UTF-8");
PrintWriter out = response.getWriter();
out.println("{");
out.println(" \"cookies\": [");
if (cookies != null) {
for (int i = 0; i < cookies.length; i++) {
Cookie cookie = cookies[i];
if (i > 0) out.println(",");
out.println(" {");
out.println(" \"name\": \"" + cookie.getName() + "\",");
out.println(" \"value\": \"" + cookie.getValue() + "\",");
out.println(" \"domain\": \"" + cookie.getDomain() + "\",");
out.println(" \"path\": \"" + cookie.getPath() + "\",");
out.println(" \"maxAge\": " + cookie.getMaxAge() + ",");
out.println(" \"secure\": " + cookie.getSecure() + ",");
out.println(" \"httpOnly\": " + cookie.isHttpOnly() + ",");
out.println(" \"version\": " + cookie.getVersion());
out.println(" }");
}
}
out.println(" ]");
out.println("}");
}
private void setCookie(HttpServletRequest request, HttpServletResponse response)
throws IOException {
String name = request.getParameter("name");
String value = request.getParameter("value");
String domain = request.getParameter("domain");
String path = request.getParameter("path");
String maxAgeStr = request.getParameter("maxAge");
String secureStr = request.getParameter("secure");
String httpOnlyStr = request.getParameter("httpOnly");
if (name == null || value == null) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST,
"Cookie name and value are required");
return;
}
Cookie cookie = new Cookie(name, value);
// Set optional cookie properties
if (domain != null && !domain.isEmpty()) {
cookie.setDomain(domain);
}
if (path != null && !path.isEmpty()) {
cookie.setPath(path);
} else {
cookie.setPath("/"); // Default path
}
if (maxAgeStr != null && !maxAgeStr.isEmpty()) {
try {
int maxAge = Integer.parseInt(maxAgeStr);
cookie.setMaxAge(maxAge);
} catch (NumberFormatException e) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid maxAge");
return;
}
}
if ("true".equalsIgnoreCase(secureStr)) {
cookie.setSecure(true);
}
if ("true".equalsIgnoreCase(httpOnlyStr)) {
cookie.setHttpOnly(true);
}
response.addCookie(cookie);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write("{\"status\":\"success\",\"message\":\"Cookie set\"}");
}
private void deleteCookie(HttpServletRequest request, HttpServletResponse response)
throws IOException {
String name = request.getParameter("name");
if (name == null) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Cookie name required");
return;
}
// Create a cookie with the same name and set maxAge to 0
Cookie deleteCookie = new Cookie(name, "");
deleteCookie.setMaxAge(0);
deleteCookie.setPath("/");
response.addCookie(deleteCookie);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write("{\"status\":\"success\",\"message\":\"Cookie deleted\"}");
}
}Session Configuration
/**
* ServletContextListener for session configuration
*/
@WebListener
public class SessionConfigListener implements ServletContextListener {
@Override
public void contextInitialized(ServletContextEvent sce) {
ServletContext context = sce.getServletContext();
// Configure session tracking modes
Set<SessionTrackingMode> trackingModes = EnumSet.of(
SessionTrackingMode.COOKIE,
SessionTrackingMode.URL
);
context.setSessionTrackingModes(trackingModes);
// Configure session cookies
SessionCookieConfig cookieConfig = context.getSessionCookieConfig();
cookieConfig.setName("JSESSIONID");
cookieConfig.setHttpOnly(true);
cookieConfig.setSecure(true); // Use only over HTTPS
cookieConfig.setMaxAge(-1); // Session cookie (expires when browser closes)
cookieConfig.setPath(context.getContextPath());
cookieConfig.setComment("Session tracking cookie");
// Log configuration
System.out.println("Session configuration initialized:");
System.out.println(" Tracking modes: " + trackingModes);
System.out.println(" Cookie name: " + cookieConfig.getName());
System.out.println(" HTTP only: " + cookieConfig.isHttpOnly());
System.out.println(" Secure: " + cookieConfig.isSecure());
}
@Override
public void contextDestroyed(ServletContextEvent sce) {
// Cleanup if needed
}
}User Authentication and Session
/**
* Login servlet demonstrating session-based authentication
*/
@WebServlet("/auth")
public class AuthServlet extends HttpServlet {
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String action = request.getParameter("action");
switch (action != null ? action : "") {
case "login":
handleLogin(request, response);
break;
case "logout":
handleLogout(request, response);
break;
default:
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid action");
}
}
private void handleLogin(HttpServletRequest request, HttpServletResponse response)
throws IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
String rememberMe = request.getParameter("rememberMe");
if (username == null || password == null) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST,
"Username and password required");
return;
}
// Validate credentials (replace with real authentication)
if (isValidCredentials(username, password)) {
HttpSession session = request.getSession();
// Store user information in session
session.setAttribute("username", username);
session.setAttribute("loginTime", new Date());
session.setAttribute("authenticated", true);
// Set session timeout (30 minutes)
session.setMaxInactiveInterval(30 * 60);
// Handle "Remember Me" functionality with cookie
if ("true".equals(rememberMe)) {
String rememberToken = generateRememberToken(username);
Cookie rememberCookie = new Cookie("rememberToken", rememberToken);
rememberCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days
rememberCookie.setPath("/");
rememberCookie.setHttpOnly(true);
rememberCookie.setSecure(request.isSecure());
response.addCookie(rememberCookie);
// Store token in database for validation
storeRememberToken(username, rememberToken);
}
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write("{\"status\":\"success\",\"message\":\"Login successful\"}");
} else {
// Invalid credentials
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write("{\"status\":\"error\",\"message\":\"Invalid credentials\"}");
}
}
private void handleLogout(HttpServletRequest request, HttpServletResponse response)
throws IOException {
HttpSession session = request.getSession(false);
if (session != null) {
// Clear remember me token if exists
String username = (String) session.getAttribute("username");
if (username != null) {
clearRememberToken(username);
}
session.invalidate();
}
// Clear remember me cookie
Cookie rememberCookie = new Cookie("rememberToken", "");
rememberCookie.setMaxAge(0);
rememberCookie.setPath("/");
response.addCookie(rememberCookie);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write("{\"status\":\"success\",\"message\":\"Logout successful\"}");
}
private boolean isValidCredentials(String username, String password) {
// Replace with real authentication logic
return "admin".equals(username) && "password".equals(password);
}
private String generateRememberToken(String username) {
// Generate secure random token
return UUID.randomUUID().toString() + "-" + System.currentTimeMillis();
}
private void storeRememberToken(String username, String token) {
// Store token in database with expiration
}
private void clearRememberToken(String username) {
// Remove token from database
}
}This comprehensive coverage of session management and cookies provides all the tools needed for maintaining user state and implementing secure authentication systems in servlet applications.
Install with Tessl CLI
npx tessl i tessl/maven-javax-servlet--javax-servlet-api