1.声明

本文属于个人理解，如果觉得理解有误的话还请各位指出。

2.问题描述

cookie是什么？servlet中cookie是什么？servlet中如何设置cookie？什么时候会设置cookie？为什么第一次访问jsp页面会设置一个cookie?为什么会设置一个JSESSIONID的cookie？

3.什么是cookie？

cookie 严格来讲是http cookie。cookie是http状态管理的原理。

4.servlet中cookie是什么？servlet如何设置cookie？

在Servlet中就是http cookie的实现。

servlet中如何设置cookie?

参考：

5.什么时候会设置cookie？

一般会在访问网站的首页即域名指向的页面，如访问www.oschina.net，会设置如下cookie

Cache-Control:no-cacheConnection:keep-aliveContent-Encoding:gzipContent-Type:text/html;charset=UTF-8Date:Sat, 29 Oct 2016 07:15:49 GMTPragma:no-cacheServer:Qnginx/1.2.0Set-Cookie:_user_behavior_=d4d09369-debd-459e-be95-5eb7acb38477; Domain=.oschina.net; Expires=Sun, 29-Oct-2017 07:15:49 GMT; Path=/; HttpOnlyTransfer-Encoding:chunkedVary:Accept-EncodingX-NWS-LOG-UUID:1877b550-129c-406d-8252-83bf00fb05c8

也有可能在登入成功后设置一些cookie，oschina登入成功后会添加 oscid的cookie

6.为什么第一次访问jsp页面会设置一个cookie？

这里所说的第一次是指当客户端浏览器与服务端还没有建立回话或者回话超时。如果jsp没有显示的使用<%@page Session=”false”%>关闭session的话，则jsp页面默认都是开启Session的,也就是jsp存在session内置对象的原因。

参考：

也可以到tomcat下看下jsp生成的对应的Servlet，关键代码如下

• 设置<%@page Session=”true”%>或者不设值

public void _jspService(final javax.servlet.http.HttpServletRequest request, final javax.servlet.http.HttpServletResponse response)        throws java.io.IOException, javax.servlet.ServletException {final java.lang.String _jspx_method = request.getMethod();if (!"GET".equals(_jspx_method) && !"POST".equals(_jspx_method) && !"HEAD".equals(_jspx_method) && !javax.servlet.DispatcherType.ERROR.equals(request.getDispatcherType())) {response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "JSPs only permit GET POST or HEAD");return;}    final javax.servlet.jsp.PageContext pageContext;    javax.servlet.http.HttpSession session = null;    final javax.servlet.ServletContext application;    final javax.servlet.ServletConfig config;    javax.servlet.jsp.JspWriter out = null;    final java.lang.Object page = this;    javax.servlet.jsp.JspWriter _jspx_out = null;    javax.servlet.jsp.PageContext _jspx_page_context = null;    try {      response.setContentType("text/html;charset=UTF-8");      pageContext = _jspxFactory.getPageContext(this, request, response,      			null, true, 8192, true);//第五个参数true启用session      _jspx_page_context = pageContext;      application = pageContext.getServletContext();      config = pageContext.getServletConfig();      session = pageContext.getSession();//这个其实调用的就是HttpServletRquest.getSession();      out = pageContext.getOut();      _jspx_out = out;      out.write("\n");      out.write("\n");      out.write("\n");      out.write("\n");      out.write("    \n");      out.write("\n");      out.write("\n");      out.write("$END$\n");      out.write("\n");      out.write("\n");    } catch (java.lang.Throwable t) {      if (!(t instanceof javax.servlet.jsp.SkipPageException)){        out = _jspx_out;        if (out != null && out.getBufferSize() != 0)          try {            if (response.isCommitted()) {              out.flush();            } else {              out.clearBuffer();            }          } catch (java.io.IOException e) {}        if (_jspx_page_context != null) _jspx_page_context.handlePageException(t);        else throw new ServletException(t);      }    } finally {      _jspxFactory.releasePageContext(_jspx_page_context);    }  }

• 设置<%@page Session=”false”%>

public void _jspService(final javax.servlet.http.HttpServletRequest request, final javax.servlet.http.HttpServletResponse response)        throws java.io.IOException, javax.servlet.ServletException {final java.lang.String _jspx_method = request.getMethod();if (!"GET".equals(_jspx_method) && !"POST".equals(_jspx_method) && !"HEAD".equals(_jspx_method) && !javax.servlet.DispatcherType.ERROR.equals(request.getDispatcherType())) {response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "JSPs only permit GET POST or HEAD");return;}    final javax.servlet.jsp.PageContext pageContext;    final javax.servlet.ServletContext application;    final javax.servlet.ServletConfig config;    javax.servlet.jsp.JspWriter out = null;    final java.lang.Object page = this;    javax.servlet.jsp.JspWriter _jspx_out = null;    javax.servlet.jsp.PageContext _jspx_page_context = null;    try {      response.setContentType("text/html;charset=UTF-8");      pageContext = _jspxFactory.getPageContext(this, request, response,      			null, false, 8192, true);//第五个参数false不启用session      _jspx_page_context = pageContext;      application = pageContext.getServletContext();      config = pageContext.getServletConfig();       //不会生成session = pageContext.getSession();      out = pageContext.getOut();      _jspx_out = out;      out.write("\n");      out.write("\n");      out.write("<\n");      out.write("\n");      out.write("\n");      out.write("\n");      out.write("\n");      out.write("$END$\n");      out.write("\n");      out.write("\n");    } catch (java.lang.Throwable t) {      if (!(t instanceof javax.servlet.jsp.SkipPageException)){        out = _jspx_out;        if (out != null && out.getBufferSize() != 0)          try {            if (response.isCommitted()) {              out.flush();            } else {              out.clearBuffer();            }          } catch (java.io.IOException e) {}        if (_jspx_page_context != null) _jspx_page_context.handlePageException(t);        else throw new ServletException(t);      }    } finally {      _jspxFactory.releasePageContext(_jspx_page_context);    }  }

7.为什么会设置一个JSESSIONID的cookie？