<blockquote> <p><em>The problem is that later (in the same session) I read the cookies and I see that maxAge = -1; even though I'm setting it to 3600... why is that?</em></p> </blockquote>
<p>Because the browser doesn't send the maxage back. It only sends the cookie name=value back. The maxage is only stored in the browser. You can check it in the cookie viewer/editor of the web browser itself. In Firefox for example, you can check all cookies by <em>Tools > Options > Privacy > Remove individual cookies</em>. Enter the domain (e.g. localhost) to see the cookies.</p>
<blockquote> <p><em>Another issue: if I set the cookie secure with userCookie.setSecure(true) then I can't read it (it disappears).</em></p> </blockquote>
<p>It only works when the request/response is served over HTTPS instead of HTTP. Also, when the request is already served over HTTPS, it will already default to secure=true.</p>
<blockquote> <p><em>Another question: since a password is being stored in a cookie, should I encrypt it somehow? What is the best practice?</em></p> </blockquote>
<p>Do not store the raw name/password in two cookies. Apart from that this can easily go in just a single cookie, this is a very bad idea and easily hackable. Use a single cookie with an autogenerated long, unique and impossible-to-guess value. Store this value along with the user ID in a database on the server side. When someone visits your site with this cookie, but the user is not logged in yet (i.e. there's no <code>User</code> object in session), then you can do the automatic login.</p>
<h3>See also:</h3>
<ul>
<li><a href="https://stackoverflow.com/questions/5082846/java-ee-6-how-to-implement-stay-logged-in-when-user-login-in-to-the-web-applic">How to implement "Stay logged in"?</a></li>
<li><a href="https://stackoverflow.com/questions/2185951/java-how-do-i-keep-a-user-logged-into-my-site-for-months">How to keep a user logged in?</a></li>
</ul>
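<p>The single-cookie scheme from the last paragraph of the answer, as an added example that is not part of the original answer. The class name <code>RememberMeTokens</code>, the cookie name <code>remember</code> and the in-memory map standing in for the database are assumptions; storing a SHA-256 of the value instead of the value itself and making each value single-use are choices of this example, not something the answer prescribes.</p>

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class RememberMeTokens {
    // Stand-in for the server-side database table (token hash -> user ID).
    private final Map<String, Long> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    /** Creates a 256-bit random token for the user and returns the cookie value. */
    public String issue(long userId) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(sha256(token), userId); // only the hash is kept server-side
        return token;
    }

    /** Returns the user ID for a presented cookie value, or null; a value works once. */
    public Long redeem(String token) {
        if (token == null || token.isEmpty()) return null;
        return store.remove(sha256(token));
    }

    /** Set-Cookie header value; the 3600 s lifetime mirrors the question's maxAge. */
    public static String setCookieHeader(String token) {
        return "remember=" + token + "; Max-Age=3600; Path=/; Secure; HttpOnly; SameSite=Lax";
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every JVM
        }
    }

    public static void main(String[] args) {
        RememberMeTokens tokens = new RememberMeTokens();
        String cookieValue = tokens.issue(42L);            // constructed user ID
        System.out.println(setCookieHeader(cookieValue));
        System.out.println(tokens.redeem(cookieValue));    // first use: log in, then issue a new value
        System.out.println(tokens.redeem(cookieValue));    // replayed value is rejected
    }
}
```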
 
