Portlet Cookie Support
Design notes for cookie support in portlets for uPortal 3.3
Important Points
- Due to streaming nature of uPortal by the time a portlet is setting cookies it is too late to send them to the browser.
- Set/Update a PORTLET_COOKIE_TOKEN cookie with a big random value in the browser at portal login with configurable future expiration (default to 30 days?)
- Store/Update the token and expiration in the portal DB
- When a portlet stores/updates/gets a cookie it is stored in the portal DB associated with the token for the current request
The diagram shows two new JPA objects. One for tracking the cookie the portal sets in the browser at login and one for each cookie a portlet sets. The portlet cookie also references the existing JPA PortletEntity object to allow for easy retrieval from a portlet entity being rendered and better data integrity (shouldn't have orphaned cookies this way).
The DAO also needs to include methods to purge old portal and portlet cookies. Once the code is complete a scheduled task is needed to periodically purge expired cookies from the DB.