Cookie Support

This section covers the following topics:

Introduction
How Java Plug-in supports cookies

Introduction

Cookies are a way of storing data on the client side. They have been used extensively for personalization of portal sites, user preference tracking, and logging into web sites. For enterprise customers using cookies in their web sites, cookie support in Java Plug-in facilitates deployment of client-side Java.

Cookie support allows a Java component to pass a cookie back to a web server if that cookie originated from the web server. This provides the server with information about the state of the client. Java Plug-in provides bidirectional cookie support.

How Java Plug-in Supports Cookies

Java Plug-in provides cookie support through the browser API. Because browsers on different platforms implement the browser's API differently, cookie support in Java Plug-in varies according to platform.

When a browser makes an HTTP/HTTPS request through a URL connection, it normally checks the cookie cache and policy to determine if a cookie should be sent along with the HTTP/HTTPS request header. If so, the browser will read the cookie from the cache and append the cookie as part of the HTTP/HTTPS request header.

When a browser processes the HTTP/HTTPS respond header through a URL connection, it will check the header to see if any cookies should be set. The browser also checks the cookie policy to determine if the action is allowed. If so, it will extract the cookie from the HTTP/HTTPS respond header and write it into the cookie cache.

When an HTTP/HTTPS request is made using Java Plug-in, Java Plug-in consults the browser to determine if a cookie should be sent along. If so, the HTTP/HTTPS request will contain the cookie as part of the header. Otherwise, the HTTP/HTTPS request will be sent with no cookie attached.

When a cookie needs to be set from the HTTP/HTTPS respond header, Java Plug-in uses the browser API to do so.

Cookie support in Java Plug-in is triggered transparently when an HTTP/HTTPS connection needs to be made.

Netscape 4 Limitation

When using Java Plug-in with Netscape 4, cookie support works only if the codebase is the same or a subdirectory of the document base. See examples in the table below:

Document Base	Codebase	Will It Work?
`http://host.com/my/`	`http://host.com/my/`	Yes
`http://host.com/my/`	`http://host.com/my/pag`e	Yes
`http://host.com/my/page/`	`http://host.com/my/`	No

To ensure that cookie support in Java Plug-in always works as expected, the following is recommended:

Use Internet Explorer or Netscape 6
If you must use Netscape 4, avoid having your web server set cookies in an HTTP/HTTPS connection with an applet.

The above recommendations apply to an intranet environment, where deployment of browsers and web servers is controllable.