Home/ Questions/Q 8720695
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T07:05:41+00:00

First time post here, I hope its a valid question. I’ve been building a

  • 0

First time post here, I hope its a valid question. I’ve been building a basic Java servlet which accepts 3 name/value pairs from a form on a page, sets those as 1. request attributes 2. session attributes and 3. cookie attributes. Cookies are then added to the response, and then the view (AccountSettings.jsp) is forwarded. The AccountSettings page is then supposed to use request.getCookies() to dump them into an array, then read the values from the array. All of this is supposed to happen every time I use this form.

My problem is that the cookie values are only correct the first time I use the form, then every time I use the form again, the cookies display the last value that was entered on page load. If I refresh the page, however, the cookies values will display correctly. I tried manually deleting the cookies in the Logout servlet (setMaxAge(0) then re-add to response) but this only produced a constant ArrayOutOfBoundsException at index 1, so I commented that portion out and leave the cookies alone.

I checked cookies associated with localhost in Chrome after the page is displayed, and the values are set correctly, so it seems to me like the JSP is drawn before the cookies are actually set correctly.

Any help on how to fix this would be appreciated. Here’s my code.

Servlet:

public class Login extends HttpServlet {
private static final long serialVersionUID = 1L;

public Login() {

    super();

}

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    login(request, response);

}


protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    login(request, response);

}


private void login(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{

    // get a new or existing session
    HttpSession session = request.getSession();

    // Instantiate user and populate values
    User user = new User();
    user.setUser(request.getParameter("user"));
    user.setPass(request.getParameter("pass"));

    // Get last page
    String referringUrl = request.getParameter("referringPage");

    session.setAttribute("user", user.getUser());
    session.setAttribute("pass", user.getPass());
    session.setAttribute("lastPage", referringUrl);

    Cookie cookie1 = new Cookie("user", user.getUser());
    Cookie cookie2 = new Cookie("pass", user.getPass());
    Cookie cookie3 = new Cookie("lastPage", referringUrl);

    response.addCookie(cookie1);
    response.addCookie(cookie2);
    response.addCookie(cookie3);

    request.setAttribute("user", user.getUser());
    request.setAttribute("pass", user.getPass());
    request.setAttribute("lastPage", referringUrl);

    try{

        if (user.authorize()){

            session.setAttribute("name", user.getName());
            session.setAttribute("authorized", "1");

        }else{

            session.setAttribute("authorized", "0");

        }
    }
    catch(Exception e){
        e.printStackTrace();
    }

    RequestDispatcher view = request.getRequestDispatcher("AccountSettings.jsp");
    view.forward(request, response);

    user.destroy();

}

}

View:

<div id="content">
        <div class="padding">

            <%
                if (!loggedIn){
                    out.print(
                        "Oops! I'm not sure how you got here..."
                    );
                }else{
                    Cookie[] cookies = request.getCookies();

                    out.print(
                        "<h2>Account Settings</h2><br><br>" +
                        "<table>" +
                            "<tr>" +
                                "<th>Source</th>" +
                                "<th>Username</th>" +
                                "<th>Password</th>" +
                                "<th>Last Page Visted</th>" +
                            "</tr>" +
                            "<tr>" +
                                "<th>Request</th>" +
                                "<td>" + request.getAttribute("user") + "</td>" +
                                "<td>" + request.getAttribute("pass") + "</td>" +
                                "<td>" + request.getAttribute("lastPage") + "</td>" +
                            "</tr>" +
                            "<tr>" +
                                "<th>Session</th>" +
                                "<td>" + session.getAttribute("user") + "</td>" +
                                "<td>" + session.getAttribute("pass") + "</td>" +
                                "<td>" + session.getAttribute("lastPage") + "</td>" +
                            "</tr>" +
                            "<tr>" +
                                "<th>Cookies</th>" +
                                "<td>" + cookies[1].getValue() + "</td>" +
                                "<td>" + cookies[2].getValue() + "</td>" +
                                "<td>" + cookies[3].getValue() + "</td>" +
                            "</tr>" +
                        "</table>"
                    );

                }
            %>

        </div>
    </div>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    so it seems to me like the JSP is drawn before the cookies are actually set correctly

    That’s correct. You’re adding new cookies to the response (so they’re only available in subsequent requests on the same domain and path), but your JSP is attempting to read cookies from the current request.

    You need either to send a redirect instead of a forward by replacing

    RequestDispatcher view = request.getRequestDispatcher("AccountSettings.jsp");
view.forward(request, response);

    by

    response.sendRedirect("AccountSettings.jsp");

    or to copy cookie values as request attributes, so that JSP can get them as request attributes (you already know how to do that).

    Unrelated to the concrete problem, passing around the password in a cookie is a very bad idea. That’s a huge security hole. For your concrete functional requirement, you’re better off storing the logged-in user as a session attribute instead.

    • 0