Secure Cookies: Creating a
1. Creating a Secure Cookie. The code mentioned throughout
this tutorial can be downloaded here. There are five files that are used
to create, use, encrypt, and decrypt a cookie. A user will fill out the
form created from CopyForm, which will be sent to CopyServlet to create
a cookie. The other files are utilities that will be used throughout the
Copyform.java creates a form that the client will fill out and submit,
to register. The form has to perform two functions. The first is to
check for a cookie from this domain and if present it will retrieve the
data related to it. The second function is to allow a client to submit
their data and receive a cookie.
Copyservlet.java will check the data that the client submitted to ensure
that the form is not blank. If the data is valid it will be saved and
used to create an ID for that client. The ID will be encrypted and
placed into a cookie that is sent to the client.
2. Classes Folder. In your C:\Tomcat\Tomcat5\webapps\ROOT\WEB-INF
folder create a folder called classes. You will put all your servlets
into this folder. Then inside classes create a folder called
securecookie. This folder will contain all the class used in this
tutorial. You created the securecookie folder because all the java files
are in the package called securecookie.
Unzip SecureCookies.zip and move all the java files into
C:\Tomcat\Tomcat5\webapps\ROOT\WEB-INF\classes\securecookies. Next you
need to compile all the java files using the command window. Open the
command window and navigate to C:\Tomcat\Tomcat5\webapps\ROOT\WEB-INF\classes\securecookies.
You can compile the entire directory by using the javac *.java command.
3. Test Servlet Form. To make it easier to find the cookie you
will receive you can clear all cookies from your browser. To access the
servlet open a browser and navigate to http://localhost/servlet/securecookie.copyform,
fill out the form, and press Register to submit it.
You will receive a cookie and see a thank you screen, which echoes your
4. Viewing Cookies. To view the cookie you were sent click on
Tools and select Options. Select the Privacy icon, which is represented
by a lock and select the Cookies tab. Then click View Cookies to find
the cookie you received from the servlet.
Under the Site heading find the Localhost folder, which is the site that
the cookie belongs to and expand it. You will now see all the cookies
that belong to that site along with their name. Click on the e-commerce
cookie, which will show you the cookies’ contents.
5. Repeat Visitor. Go back to http://localhost/servlet/securecookie.copyform
and you will be presented with a custom welcome screen and the form will
be filled in for you.
This is a simple servlet that can only store the information from one
person. It then returns that information if the browser has a cookie
from localhost. To use a more complicated version of this servlet the ID
would be entered into a database with the contents of the form. When a
client returns the server would obtain their cookie and decrypt the ID
to check it against those in the database. If a match is found then that
information would be presented to the client. However, if a match is not
found the client will be asked to register and then be sent a cookie.
Remember this example does not use a secure connection, which should be
used in addition to encrypted to increase the security level of the