1-by-1 black pixel for creating lines
1-by-1 black pixel for creating lines
EricGiguere.com > Eric's BlackBerry Pages > Cookie Caching
Printer-friendly version Set your preferences
Read my blogs on AdSense and affiliate marketing
 BlackBerry Pages 
Development Tips
•  HTTP Issues
•  Cookie Caching

Cookie Caching

A documented feature of the BlackBerry Enterprise Server (BES) is the ability to have the BES handle cookies on behalf of client applications. In other words, any Set-Cookie headers sent back in HTTP responses can be intercepted by the BES (which is acting as a web proxy server) and stripped out of the response sent back down to the client. The cookie is then automatically inserted into subsequent requests by the client app when its request passes through the BES (again, in its capacity as a proxy server).

A Bad Feature

In my opinion, this cookie handling feature is not a feature but a bug. The basic problem is this: if a session cookie is used, there's no way for the application to signal the BES that the "session" is finished. The normal behavior is for the client to clear session cookies when the session terminates. In a browser, this usually means when the browser is exited. In a J2ME application, the application simply stops sending the cookie in subsequent requests.

But since the BES is handling the cookies for you, when exactly does the "session" end? It doesn't! So what happens is that you get a stale cookie being appended to your app's requests. If the server on the other end doesn't like it, too bad.

The Best Solution

The best solution? Turn off the BES-level cookie handling and let the application do the cookie handling by itself. All you do is set this property in the configuration file:

application.handler.http.CookieSupport = false

You can also set it directly from the BES management console.

A Back Door

If for whatever reason you can't disable BES cookie handling (such as when your IT department won't let you change the BES settings) then there's a back door that works with more recent devices. This back door lets you override the cookie handling on a connection basis. It's what RIM's own browser uses.

All you do is this: when your application makes its HTTP request, set the "Accept" header to the following string:


This is easily done using the HttpConnection.setRequestProperty method, of course. When the BES sees this, it thinks that the browser is making the request and it lets the Set-Cookie header pass through unscathed down to the application and doesn't append any Cookie headers on the request.

Truly a hack, but a hack that works.

Learn about these ads
Google Web www.ericgiguere.com   
1-by-1 black pixel for creating lines
Copyright ©2003-2012 Eric Giguere | Send mail about this page | About this site | Privacy policy
Site design and programming by Eric Giguere | Hosting by KGB Internet Solutions
This site is Java-powered
Other sites: The Unofficial AdSense Blog | Google Suggest Explorer | Invisible Fence Guide | Synclastic
This page was last modified on September 12, 2005
1-by-1 black pixel for creating lines
1-by-1 black pixel for creating lines