SessionCookie is a Java library for storing Servlet-based HttpSession objects in a cookie in the client browser.
You can download sessioncookie-1.0.0-beta.jar directly and place it in your project.
Alternatively, add the following dependency to your Maven project:
<dependency>
  <groupId>org.baswell</groupId>
  <artifactId>sessioncookie</artifactId>
  <version>1.0.0-beta</version>
</dependency>
SessionCookie runs within a Java Servlet container at API 3.0 or higher and a JVM at 1.7 or higher. SessionCookie has no other external dependencies.
The SessionCookieFilter should be added as the first filter in your application.
<filter>
  <filter-name>SessionCookieFilter</filter-name>
  <filter-class>org.baswell.sessioncookie.SessionCookieFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>SessionCookieFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
This filter should be placed in front of all HTTP requests that use HttpSession. In addition to the filter-mapping configuration, you can control which HTTP requests are candidates for routes with the ONLY and EXCEPT filter parameters (this can improve performance when it's known that certain HTTP paths won't map to routes). Once the filter is in place, all HttpSession objects will be backed by cookies.
The following are reasons you might not want to use SessionCookie.
- You can only store about 4 KB of data in a cookie. If your encoded and encrypted sessions are larger than this, this library will not work for your needs.
- Session cookies are sent along with every request made to your server. This increases the size of the requests and responses going back and forth. If you're storing a lot of data in your session this could have a real impact on performance.
- If you accidentally expose your encryption key, your users can change the data you’ve put inside your cookie. This is obviously a bad thing because a user could, for example, change the user ID to that of any other user.
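To check the 4 KB limit from the first point before adopting the library, you can measure how large a session becomes once it is serialized, encrypted and encoded. The following is an added example, not SessionCookie's own code: it assumes Java serialization, AES-GCM and URL-safe Base64 (the library's actual scheme may differ), uses a hypothetical cookie name and constructed session attributes, and needs Java 8 for java.util.Base64.

```java
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class CookieSizeCheck {
    static final int COOKIE_LIMIT = 4096;          // the "about 4 KB" per-cookie budget
    static final String COOKIE_NAME = "SESSION";   // hypothetical cookie name

    // Assumed pipeline: Java serialization -> AES-GCM -> URL-safe Base64.
    static String encode(HashMap<String, Object> attrs, SecretKey key) throws Exception {
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(plain)) {
            out.writeObject(attrs);
        }
        byte[] iv = new byte[12];                  // fresh 96-bit nonce per cookie
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] sealed = cipher.doFinal(plain.toByteArray()); // ciphertext + 16-byte tag
        byte[] value = new byte[iv.length + sealed.length];
        System.arraycopy(iv, 0, value, 0, iv.length);
        System.arraycopy(sealed, 0, value, iv.length, sealed.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(value);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        SecretKey key = gen.generateKey();         // throwaway key, for measurement only
        for (int items = 0; items <= 300; items += 100) {
            HashMap<String, Object> attrs = new HashMap<>();   // constructed sample session
            attrs.put("userId", 42L);
            ArrayList<String> cart = new ArrayList<>();
            for (int i = 0; i < items; i++) cart.add("sku-" + (100000 + i));
            attrs.put("cart", cart);
            // Size of "name=value" as it travels in the Cookie header.
            int size = COOKIE_NAME.length() + 1 + encode(attrs, key).length();
            System.out.printf("%3d cart items -> %5d bytes: %s%n", items, size,
                    size <= COOKIE_LIMIT ? "fits" : "exceeds the cookie limit");
        }
    }
}
```

The serialization header, the nonce, the authentication tag and the 4/3 Base64 expansion all count against the budget, so the usable payload is noticeably smaller than 4 KB.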