Use of custom cookies in components | Community
Skip to main content
C
courtthreeGDC
Level 3
October 16, 2015
Solved

Use of custom cookies in components

  • October 16, 2015
  • 6 replies
  • 3493 views

It does not seem possible to set a cookie in the client browser by using the standard java Cookie class inside a component.

Consider the follow [very simple] example:

---------------------------------------------------------------------------------------------------------

Cookie mycookie = new Cookie("mycookieName", "mycookieValue");
mycookie.setMaxAge(300);
response.addCookie(mycookie);

---------------------------------------------------------------------------------------------------------

The expected behaviour of this code snippet, when added to any component, is to create a new cookie called "mycookieName" with the value "mycookieValue" in the client browser. However, no cookie is issued in either author or publisher instances.

To reproduce the issue, add the above to an AEM component, activate the page, run it in your browser and observe the developer tools to see what cookies are issued.

I would be incredibly grateful for any assistance or comments on this.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Sham_HC

Have you whitelisted cookie at http://<host>:<port>/system/console/configMgr/com.adobe.granite.optout.impl.OptOutServiceImpl

6 replies

Sham_HC
Sham_HCAccepted solution
Level 10
October 16, 2015

Have you whitelisted cookie at http://<host>:<port>/system/console/configMgr/com.adobe.granite.optout.impl.OptOutServiceImpl

smacdonald2008
smacdonald2008
Level 10
October 16, 2015

Take a look at this class http://dev.day.com/docs/en/cq/current/javadoc/org/apache/sling/commons/json/http/Cookie.html.

J
Adobe Employee
JustinEd3Adobe Employee
Adobe Employee
October 16, 2015

Hi,

There's nothing preventing you from doing this in general (with the standard Java servlet classes). It could be the OptOut service, as Sham noted, although you should see a log message indicating that the cookie was not added. One thing to consider, however, is that you cannot set a cookie after the response buffer has been flushed. This fails rather loudly. Unless you are confident that the response buffer will never be flushed before your component is executed, you should avoid adding cookies in components. Also, adding cookies like this won't work if the page is cached. For both of these reasons, you should consider setting the cookie in JavaScript instead. Although obviously this depends upon your use case.

Regards,

Justin

C
courtthreeGDCAuthor
Level 3
October 16, 2015

Thanks so much for the reply. I've seen that resource previously. Should I take it to mean that you can't use the standard Java Cookie class. If not, how are you meant to use this class to easily/flexibly get and set cookies? It only has 4 methods, none of which are addCookie(). However, I don't receive an error when using addCookie which makes me think it's available anyway? If so, why wouldn't it work?

C
courtthreeGDCAuthor
Level 3
October 16, 2015

Thanks Sham,

The short answer to that question is "no I haven't". Do you know if it's a default setting that all cookies would be blocked unless explicitly allowed in the white list? I ask because I don't think this has ever been configured so would it block automatically?

C
courtthreeGDCAuthor
Level 3
October 16, 2015

Hi Justin,

Thanks for the response. Sham was right in this case, I have added the cookie to the white list and all is good.

I am interested, however, in your other comments about the dangers of using cookies in this way. Can you tell me a little more about the potential problems you see with setting a cookie in this way - in particular, what circumstances would require the the response buffer to be flushed?

I am very tempted to use javascript but [being a bit old school] I am always sceptical of building core functionality that requires javascript to work or would you say this is less of a concern these days? I mean, using JQuery to animate a news ticker or drop down menu that can be accessed in pure HTML elsewhere is fair enough but a log-in system entirely reliant on javascript intuitively feels wrong.

What do you think?

Terms & ConditionsAccessibility statement

Loading footer...