How Java Plug-in Supports Cookies
Java Plug-in supports both Internet Explorer and Netscape Navigator browsers on various Win32 platforms and the Solaris operating environment, and it supports Netscape Navigator browsers on Linux platforms. Java Plug-in provides cookie support through the browser API. Because browsers on various platforms implement the browser's API differently, cookie support in Java Plug-in varies according to platform. You need to know how each browser supports cookies and how Java Plug-in accesses and updates cookie information.
When a browser makes an HTTP/HTTPS request through a URL connection, it normally checks the cookie cache and policy to determine if a cookie should be sent along with the HTTP/HTTPS request header. If so, the browser will read the cookie from the cache and append the cookie as part of the HTTP/HTTPS request header.
When a browser processes the HTTP/HTTPS respond header through a URL connection, it will check the header to see if any cookies should be set. The browser also checks the cookie policy to determine if the action is allowed. If so, it will extract the cookie from the HTTP/HTTPS respond header and write it into the cookie cache.
When an HTTP/HTTPS request is made using Java Plug-in, Java Plug-in consults the browser to determine if a cookie should be sent along. If so, the HTTP/HTTPS request will contain the cookie as part of the header. Otherwise, the HTTP/HTTPS request will be sent with no cookie attached.
When a cookie needs to be set from the HTTP/HTTPS respond header, Java Plug-in uses the browser API to do so, with the exception of Netscape Navigator 4 browsers. For the Netscape Navigator 4 browser, there is no API allowing Java Plug-in to do so.
There is another limitation for Netscape Navigator 4 browsers. When using Java Plug-in in a Netscape Navigator 4 browser, cookie support works only if the codebase is the same or a subdirectory of the document base. See examples in the table below:
|
Document Base |
Codebase |
Will It Work? |
|---|---|---|
|
http://host.com/my/ |
http://host.com/my/ |
Yes |
|
http://host.com/my/ |
http://host.com/my/page |
Yes |
|
http://host.com/my/page |
http://host.com/my/ |
No |
Currently, cookie support in Java Plug-in is triggered automatically when an HTTP/HTTPS connection needs to be made.
To ensure that cookie support in Java Plug-in always works as expected, the following is recommended:
-
Use Internet Explorer or Netscape 6 browser
-
In the case that you must use the Netscape 4 browser, avoid having your web server set cookies in an HTTP/HTTPS connection with an applet.
(The above recommendations apply to an intranet environment, where deployment of browsers and web servers is controllable.)
For more general information about how cookies work, consult the user guide for your browser.
- © 2010, Oracle Corporation and/or its affiliates