hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a.r.dikh...@kpn.com
Subject RE: Problem maintaining sessions through HTTPS
Date Thu, 23 Oct 2003 12:05:46 GMT
Problem solved. It turned out to be the server.

We fixed it by installing Apache as an OC4J front-end, which coincidentally
also fixed another cookie-related bug we were working on.

Thanks for the help!

Arjan

-----Original Message-----
From: Dikhoff, A (ICT) 
Sent: donderdag 23 oktober 2003 10:59
To: 'Commons HttpClient Project'
Subject: RE: Problem maintaining sessions through HTTPS


> I assume that the session is referenced by a session ID in a Cookie. You 
> should examine the Cookie store of the HttpState class and find out 
> which cookies the server needs. Then you should check if those cookies 
> are correctly transmitted to the server. Maybe the cookies are rejected 
> by HttpClient because they are not specs conformant. Check the Log for 
> warnings.
> 
> Also in my experience Oracle Appservers have a weird session management, 
> especially when using Single Sign-on. I know of situations where 
> sessions just got lost in between requests (with a normal web browser).

Hi, thanks for the quick response.

We've been examining the headers, but the server doesn't seem to send any
cookies (in http it does, but not in https). I was assuming this was
supposed to be done through some under-water process (I'm not very familiar
with https), but the HttpState object does not contain any cookies in its
cookie collection after the first request (in http it does). Is this normal?

Response header in http:
Response Headers
response header:Date: Thu, 23 Oct 2003 08:35:01 GMT
response header:Server: Oracle9iAS (1.0.2.2.1) Containers for J2EE
response header:Content-Length: 15487
response header:Set-Cookie: JSESSIONID=9004377a52b1419eb8848623c2e3a356;
Path=/
response header:Cache-Control: private
response header:Connection: Close
response header:Content-Type: text/xml
response header:Content-Language: nl-NL
response header:Content-Location:
/WEB-INF/actionsets/xmldialog/questionaire.jsp
response header:Content-Language: nl-NL
response header:Content-Language: nl-NL 


Response header in https (same server, different port):
Response Headers
response header:Date: Thu, 23 Oct 2003 08:39:59 GMT
response header:Server: Oracle9iAS (1.0.2.2.1) Containers for J2EE
response header:Content-Length: 15499
response header:Connection: Close
response header:Content-Type: text/xml
response header:Content-Language: nl-NL
response header:Content-Location:
/WEB-INF/actionsets/xmldialog/questionaire.jsp
response header:Content-Language: nl-NL
response header:Content-Language: nl-NL 

A coworker has found more hints that this may indeed be a server-bug. Right
now we're setting up Apache to do more testing. I'll keep you updated if
you're interested.

regards, Arjan


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message