Skip to content
This repository has been archived by the owner on Feb 8, 2023. It is now read-only.

Latest commit

 

History

History
268 lines (198 loc) · 8.18 KB

README.md

File metadata and controls

268 lines (198 loc) · 8.18 KB
Raw

Java Cookie Build Status

A simple Java API for handling cookies

Basic Usage

Create a cookie, valid across the entire site

Cookies cookies = Cookies.initFromServlet( request, response );
cookies.set( "name", "value" );

Create a cookie that expires 7 days from now, valid across the entire site:

Cookies cookies = Cookies.initFromServlet( request, response );
cookies.set( "name", "value", Attributes.empty()
  .expires( Expiration.days( 7 ) )
);

Create an expiring cookie, valid to the path of the current page:

Cookies cookies = Cookies.initFromServlet( request, response );
cookies.set( "name", "value", Attributes.empty()
  .expires( Expiration.days( 7 ) )
  .path( "" )
);

Read cookie:

Cookies cookies = Cookies.initFromServlet( request, response );
cookies.get( "name" ); // => "value"
cookies.get( "nothing" ); // => null

Read all available cookies:

Cookies cookies = Cookies.initFromServlet( request, response );
Map<String, String> all = cookies.get(); // => {name=value}

Delete cookie:

Cookies cookies = Cookies.initFromServlet( request, response );
cookies.remove( "name" );

Delete a cookie valid to the path of the current page:

Cookies cookies = Cookies.initFromServlet( request, response );
cookies.set( "name", "value", Attributes.empty()
  .path( "" )
);
cookies.remove( "name" ); // fail!
cookies.remove( "name", Attributes.empty().path( "path" ) ); // removed!

IMPORTANT! when deleting a cookie, you must pass the exact same path, domain and secure attributes that were used to set the cookie, unless you're relying on the default attributes.

JSON Data Binding

java-cookie provides unobstrusive JSON storage for cookies with data binding.

When creating a cookie, you can pass a few supported types instead of String in the value. If you do so, java-cookie will store the stringified JSON representation of the value using jackson databind.

Consider the following class that implements the CookieValue interface:

public class Person implements CookieValue {
  private int age;
  public Person( int age ) {
    this.age = age;
  }
  public int getAge() {
    return age;
  }
}

And the following usage:

Cookies cookies = Cookies.initFromServlet( request, response );
cookies.set( "name", new Person( 25 ) );

When reading a cookie with the default get() api, you receive the string representation stored in the cookie:

Cookies cookies = Cookies.initFromServlet( request, response );
String value = cookies.get( "name" ); // => "{\"age\":25}"

If you pass the type reference, it will parse the JSON into a new instance:

Cookies cookies = Cookies.initFromServlet( request, response );
Person adult = cookies.get( "name", Person.class );
if ( adult != null ) {
  adult.getAge(); // => 25
}

Encoding

This project is RFC 6265 compliant. All special characters that are not allowed in the cookie-name or cookie-value are encoded with each one's UTF-8 Hex equivalent using percent-encoding.
The only character in cookie-name or cookie-value that is allowed and still encoded is the percent % character, it is escaped in order to interpret percent input as literal.
To override the default cookie decoding you need to use a converter.

Cookie Attributes

the default cookie attributes can be set globally by setting properties of the .defaults() instance or individually for each call to .set(...) by passing an Attributes instance in the last argument. Per-call attributes override the default attributes.

Cookies cookies = Cookies.initFromServlet( request, response );
cookies.defaults()
  .secure( true )
  .httpOnly( true );
cookies.set( "name", "value", Attributes.empty()
  .httpOnly( false ) // override defaults
);

expires

Define when the cookie will be removed. Value can be an Expiration.days() which will be interpreted as days from time of creation, a java.util.Date or an org.joda.time.DateTime instance. If omitted, the cookie becomes a session cookie.

Default: Cookie is removed when the user closes the browser.

Examples:

DateTime date_2015_06_07_23h38m46s = new DateTime( 2015, 6, 7, 23, 38, 46 );
Cookies cookies = Cookies.initFromServlet( request, response );
cookies.set( "name", "value", Attributes.empty()
  .expires( Expiration.date( date_2015_06_07_23h38m46s ) )
);
cookies.get( "name" ); // => "value"
cookies.remove( "name" );

path

Define the path where the cookie is available.

Default: /

Examples:

Cookies cookies = Cookies.initFromServlet( request, response );
Attributes validToTheCurrentPage = Attributes.empty().path( "" );
cookies.set( "name", "value", validToTheCurrentPath );
cookies.get( "name" ); // => "value"
cookies.remove( "name", validToTheCurrentPath );

domain

Define the domain where the cookie is available

Default: Domain of the page where the cookie was created

Examples:

Cookies cookies = Cookies.initFromServlet( request, response );
cookies.set( "name", "value", Attributes.empty().domain( "sub.domain.com" ) );
cookies.get( "name" ); // => null (need to read at "sub.domain.com")

secure

A Boolean indicating if the cookie transmission requires a secure protocol (https)

Default: No secure protocol requirement

Examples:

Cookies cookies = Cookies.initFromServlet( request, response );
Attributes secureCookie = Attributes.empty().secure( true );
cookies.set( "name", "value", secureCookie );
cookies.get( "name" ); // => "value"
cookies.remove( "name", secureCookie );

httpOnly

A Boolean indicating if the cookie should be restricted to be manipulated only in the server.

Default: The cookie can be manipulated in the server and in the client

Examples:

Cookies cookies = Cookies.initFromServlet( request, response );
Attributes httpOnlyCookie = Attributes.empty().httpOnly( true );
cookies.set( "name", "value", httpOnlyCookie );
cookies.get( "name" ); // => "value"
cookies.remove( "name", httpOnlyCookie );

Converter

Create a new instance of the api that overrides the default decoding implementation.
All methods that rely in a proper decoding to work, such as remove() and get(), will run the converter first for each cookie.
The returning String will be used as the cookie value.

Example from reading one of the cookies that can only be decoded using the Javascript escape function:

// document.cookie = 'escaped=%u5317';
// document.cookie = 'default=%E5%8C%97';

Cookies cookies = Cookies.initFromServlet( request, response );
Cookies escapedCookies = cookies.withConverter(new Cookies.Converter() {
  @Override
  public String convert( String value, String name ) throws ConverterException {
    ScriptEngine javascript = new ScriptEngineManager().getEngineByName( "JavaScript" );
    if ( name.equals( "escaped" ) ) {
      try {
        return javascript.eval( "unescape('" + value + "')" ).toString();
      } catch ( ScriptException e ) {
        throw new ConverterException( e );
      }
    }
    return null;
  }
});

escapedCookies.get( "escaped" ); // => 北
escapedCookies.get( "default" ); // => 北
escapedCookies.get(); // => {escaped=北, default=北}

Instead of passing a converter inline, you can also create a custom strategy by implementing the ConverterStrategy interface:

class CustomConverter implements ConverterStrategy {
  @Override
  public String convert( String value, String name ) throws ConverterException {
    return value;
  }
}
Cookies cookies = Cookies.initFromServlet( request, response );
Cookies cookiesWithCustomConverter = cookies.withConverter( new CustomConverter() );

Contributing

Check out the Contributing Guidelines.