Home/ Questions/Q 4617734
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T02:09:59+00:00

I have a caching Servlet Filter, the filter will, for certain URLs, add a

  • 0

I have a caching Servlet Filter, the filter will, for certain URLs, add a Cache-Control: public, max-age=x header to responses.

But it shouldn’t publicly cache any responses that are setting any cookies. How do I check to make sure the response doesn’t have cookies set (including making sure the servlet container isn’t going to send a JSESSIONID)?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can use a HttpServletResponseWrapper:

    public void doFilter(..) {
   chain.doFilter(request, new Wrapper(response));
}

    where the Wrapper extends HttpServletResponseWrapper, overrides the addCookie method, call super.addCookie(..) and sets a boolean to true, meaning a cookie has been added. That boolean can be either in a field of the wrapper or as request attribute. Either way you can read it later when you need to check if a cookie has been added.

    For jsessionid (appended to the URL) you can override the encodeRedirectURL, and check whether the call to super.encodeRedirectURL(..) will append the jsessionid

    But not caching a resource that is sending a session cookie might be wrong. Any resource might send a session cookie, if it is the first one to open.

    • 0