Cookies – Store an authentication token – Education Career Blog

I’d like to place a cookie on the client that holds an authentication token. After they log in with their credentials, they can just send the token instead of credentials until the server determines the token has expired.

Below is the constructor for the cookie. I’m using restlets and am unsure about what to set “path” and “domain” to. What are the purpose of these fields? Also, if I set ‘secure’ to ‘true’ does that mean it won’t transmit the cookie if the connection is not https?

public CookieSetting(int version,
                     String name,
                     String value,
                     String path,
                     String domain,
                     String comment,
                     int maxAge,
                     boolean secure,
                     boolean accessRestricted);

//'secure' - Indicates if cookie should only be transmitted by secure means.
//'accessRestricted' - Indicates whether to restrict cookie access to untrusted parties.
//  Currently this toggles the non-standard but widely supported HttpOnly cookie parameter.

,

For example, if you set domain=xyz.com, path=/app and secure=true, browser will send the cookie when calling https://xyz.com/app/

if secure=true is set, the cookie will not be sent when using http://xyz.com/app URL.

Leave a Comment