This question
is designed to gauge a candidate's understanding of HTTP cookies
and their role in web applications. It has several levels of
answers, and would be appropriate for any developer building
web applications of any complexity beyond straight HTML. This
question is not geared toward any specific API for working with
cookies, but rather the nature and capabilities of the protocol
itself as it relates to web application design.
What
are HTTP cookies and how do they work? What restrictions are
placed on them? How might they be used in a web application
to provide personalized content?
The depth
of the candidate's answer depends on their technical experience
and understanding of the HTTP protocol. Even the most junior
candidates, including those for less technical positions like
producer or page designer, should understand that web cookies
provide a mechanism for storing small amounts of information in
the browser. A casual web user might point out that they are often
used to identify unique visitors to a site or to save login
information for return visits.
A mid-level developer
should understand that cookies are set by the server and returned
by the browser based on the name of the cookie and the server's
URL. Thus, cookies for one site won't be available to another
(a security precaution). They should also be aware that cookies
have a variable lifetime, which can be as short as a single
browser session.
A more senior developer
would know that cookies are implemented via HTTP headers.
The server includes a Set-Cookie response header telling the
browser to set a cookie with a particular path, name, and value.
The browser then includes any appropriate cookies in the Cookie
header of each request.
In order to implement
a personalization scheme the application must be able to associate
each visitor with his or her personal content. A junior developer
might suggest storing the content in a cookie so that it will
be available upon their return visit. Cookies can only store
a relatively small amount of information (up to 4KB), however,
and are thus more appropriate for storing a key to the actual
information. This is the path a more senior developer might
suggest: store the username of the visitor (perhaps their
e-mail address) in the cookie, and store their personalized
content in a database, keyed off of that value.
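The scheme above keys the database lookup on a value the browser sends back, and whoever controls the browser can edit that value. As an added example (not part of the original article), the Python code below builds the Set-Cookie header, parses the returned Cookie header, and attaches an HMAC tag so that an altered username is rejected. The cookie name `visitor`, the secret, and the in-memory `CONTENT_DB` are assumptions made for illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent out
CONTENT_DB = {  # constructed stand-in for the personalized-content database
    "alice@example.com": {"theme": "dark", "topics": ["java", "jsp"]},
    "bob@example.com": {"theme": "light", "topics": ["sql"]},
}


def _mac(user):
    """HMAC-SHA256 tag binding the username to the server's secret."""
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def set_cookie_header(user, max_age=30 * 24 * 3600):
    """Value of the Set-Cookie response header carrying the signed key."""
    jar = SimpleCookie()
    jar["visitor"] = f"{user}|{_mac(user)}"  # hypothetical cookie name
    jar["visitor"]["path"] = "/"
    jar["visitor"]["max-age"] = max_age  # omit for a session-only cookie
    jar["visitor"]["httponly"] = True  # not readable from page script
    jar["visitor"]["secure"] = True  # only sent over HTTPS
    return jar["visitor"].OutputString()


def personalized_content(cookie_header):
    """Look up content from a Cookie request header; None if absent or altered."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "visitor" not in jar:
        return None
    user, sep, tag = jar["visitor"].value.rpartition("|")
    if not sep or not hmac.compare_digest(tag.encode(), _mac(user).encode()):
        return None  # username was edited or tag is missing
    return CONTENT_DB.get(user)


if __name__ == "__main__":
    header = set_cookie_header("alice@example.com")
    print("Set-Cookie:", header)
    pair = header.split(";", 1)[0]  # what the browser echoes back
    print("Cookie:", pair)
    print(personalized_content(pair))
    print(personalized_content(pair.replace("alice@", "bob@")))
```
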
About the author
Duane Fields is a Java developer, author, and Internet technologist
with nearly a decade of professional experience in the design
and development of leading edge Internet products and services.
Duane is also a respected member of the Java development community
and is frequently invited to speak at industry conferences
and events. He has co-authored two books and published numerous
articles on many aspects of web application development from
Java to Relational Databases. The newly expanded second edition
of his best-selling book "Web Development with JavaServer
Pages" was released in December of 2001.