Design notes for cookie support in portlets for uPortal 3.3
Important Points
- Due to streaming nature of uPortal by the time a portlet is setting cookies it is too late to send them to the browser.
- Set/Update a PORTLET_COOKIE_TOKEN cookie with a big random value in the browser at portal login with configurable future expiration (default to 30 days?)
- Store/Update the token and expiration in the portal DB
- When a portlet stores/updates/gets a cookie it is stored in the portal DB associated with the token for the current request