hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject RE: Multiple Host Redirect
Date Tue, 31 Aug 2004 19:52:40 GMT
Ken,
Ok. I have got two ideas:

(1) activate the so called 'strict' mode: 

http://jakarta.apache.org/commons/httpclient/apidocs/org/apache/commons/httpclient/HttpMethod.html#setStrictMode(boolean)

When in strict mode HttpClient crams all the cookies into a single
'Cookie' header. Some applications cannot handle multiple cookie
headers.

(2) HttpClient does not send back to the server two out of four cookies
(pubcookie_g and pubcookie_l) because their domain attribute
(domain=.x.x) apparently does not match the target host. This _may_
cause the web application to invalidate the session. Since the domain
information has been obfuscated you'll have to see for yourself whether
the domain attribute on those cookies is correct or not

Oleg




On Tue, 2004-08-31 at 21:04, Ken Hall wrote:
> Thanks for your response Oleg. Here is the logging information I
> received and with my eyes I do not see where it is being locked out.
> 
> I did search through all the documents I could find in the archive on
> redirects to no avail.
> 
> Any help would be greatly appreciated.
> 
> -Ken Hall
> 
> 
> 
> *****Start:PostMethod****
> 2004/08/31 13:46:00:491 CDT [DEBUG] HttpConnection -
> -HttpConnection.setSoTimeout(0)
> 2004/08/31 13:46:00:491 CDT [DEBUG] HttpMethodBase - -Execute loop try 1
> 2004/08/31 13:46:00:507 CDT [DEBUG] header - ->> "POST /login.cgi
> HTTP/1.1[\r][\n]"
> 2004/08/31 13:46:00:507 CDT [DEBUG] HttpMethodBase - -Request to add
> Host header ignored: header already added
> 2004/08/31 13:46:00:507 CDT [DEBUG] HttpMethodBase - -Default charset
> used: ISO-8859-1
> 2004/08/31 13:46:00:507 CDT [DEBUG] header - ->> "User-Agent: Jakarta
> Commons-HttpClient/2.0.1[\r][\n]"
> 2004/08/31 13:46:00:523 CDT [DEBUG] header - ->> "Host:
> host.x.x.x[\r][\n]"
> 2004/08/31 13:46:00:523 CDT [DEBUG] header - ->> "Cookie:
> pubcookie_g_req=clear[\r][\n]"
> 2004/08/31 13:46:00:523 CDT [DEBUG] header - ->> "Content-Length:
> 382[\r][\n]"
> 2004/08/31 13:46:00:523 CDT [DEBUG] header - ->> "Content-Type:
> application/x-www-form-urlencoded[\r][\n]"
> 2004/08/31 13:46:00:523 CDT [DEBUG] header - ->> "[\r][\n]"
> 2004/08/31 13:46:00:523 CDT [DEBUG] EntityEnclosingMethod - -Using
> buffered request body
> 2004/08/31 13:46:00:523 CDT [DEBUG] EntityEnclosingMethod - -Request
> body sent
> 2004/08/31 13:46:06:413 CDT [DEBUG] header - -<< "HTTP/1.1 200
> OK[\r][\n]"
> 2004/08/31 13:46:06:413 CDT [DEBUG] header - -<< "Date: Tue, 31 Aug 2004
> 18:46:06 GMT[\r][\n]"
> 2004/08/31 13:46:06:413 CDT [DEBUG] header - -<< "Server: Apache/1.3.29
> (Unix) mod_pubcookie/3.1.1 pre-beta1 (XXX-027) mod_ssl/2.8.16
> OpenSSL/0.9.6m[\r][\n]"
> 2004/08/31 13:46:06:413 CDT [DEBUG] header - -<< "Cache-Control:
> no-store, no-cache, must-revalidate[\r][\n]"
> 2004/08/31 13:46:06:413 CDT [DEBUG] header - -<< "Expires: Sat, 1 Jan
> 2000 01:01:01 GMT[\r][\n]"
> 2004/08/31 13:46:06:413 CDT [DEBUG] header - -<< "Pragma:
> No-Cache[\r][\n]"
> 2004/08/31 13:46:06:413 CDT [DEBUG] header - -<< "Set-Cookie:
> pubcookie_cred=cookieVal=; domain=host.x.x.x; secure[\r][\n]"
> 2004/08/31 13:46:06:413 CDT [DEBUG] header - -<< "Set-Cookie:
> pubcookie_g=cookieVal==; domain=.x.x; path=/; secure[\r][\n]"
> 2004/08/31 13:46:06:413 CDT [DEBUG] header - -<< "Set-Cookie:
> pubcookie_l=cookieVal==; domain=host.x.x.x; path=/; secure[\r][\n]"
> 2004/08/31 13:46:06:413 CDT [DEBUG] header - -<< "Set-Cookie:
> pubcookie_g_req=clear; domain=.x.x; path=/; expires=Fri, 11-Jan-1990
> 00:00:01 GMT; secure[\r][\n]"
> 2004/08/31 13:46:06:429 CDT [DEBUG] header - -<< "Transfer-Encoding:
> chunked[\r][\n]"
> 2004/08/31 13:46:06:429 CDT [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2004/08/31 13:46:06:429 CDT [DEBUG] HttpMethodBase - -Cookie accepted:
> "pubcookie_cred=cookieVal="
> 2004/08/31 13:46:06:429 CDT [DEBUG] HttpMethodBase - -Cookie accepted:
> "pubcookie_g=cookieVal=="
> 2004/08/31 13:46:06:429 CDT [DEBUG] HttpMethodBase - -Cookie accepted:
> "pubcookie_l=cookieVal=="
> 2004/08/31 13:46:06:429 CDT [DEBUG] HttpMethodBase - -Cookie accepted:
> "pubcookie_g_req=clear"
> 2004/08/31 13:46:06:429 CDT [DEBUG] HttpConnection -
> -HttpConnection.getSoTimeout()
> 2004/08/31 13:46:06:507 CDT [DEBUG] HttpConnection - -Input data
> available
> 2004/08/31 13:46:06:507 CDT [DEBUG] HttpMethodBase - -Buffering response
> body
> 2004/08/31 13:46:06:507 CDT [DEBUG] HttpMethodBase - -Resorting to
> protocol version default close connection policy
> 2004/08/31 13:46:06:507 CDT [DEBUG] HttpMethodBase - -Should NOT close
> connection, using HTTP/1.1.
> 2004/08/31 13:46:06:507 CDT [DEBUG] HttpMethodBase - -Default charset
> used: ISO-8859-1respHeader3: Expires: Sat, 1 Jan 2000 01:01:01 GMT
> 
> Login form post: HTTP/1.1 200 OK
> LOGIN SUCCESS
> postOutput:
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <html>
>   <head>
>     <meta http-equiv="Content-Type" content="text/html;
> charset=iso-8859-1">
>     <meta http-equiv="Refresh" content="0;URL=https://host2/doc.txt">
>   </head>
>   <body>
>   </body>
> </html>
> *****END:PostMethod****
> 
> *****START:GetMethod****
> 2004/08/31 13:46:06:585 CDT [DEBUG] HttpConnection -
> -HttpConnection.setSoTimeout(0)
> 2004/08/31 13:46:06:585 CDT [DEBUG] HttpMethodBase - -Execute loop try 1
> 2004/08/31 13:46:06:601 CDT [DEBUG] header - ->> "GET /doc.txt
> HTTP/1.1[\r][\n]"
> 2004/08/31 13:46:06:601 CDT [DEBUG] HttpMethodBase - -Adding Host
> request header
> 2004/08/31 13:46:06:601 CDT [DEBUG] header - ->> "User-Agent: Jakarta
> Commons-HttpClient/2.0.1[\r][\n]"
> 2004/08/31 13:46:06:601 CDT [DEBUG] header - ->> "Host:
> host.x.x.x[\r][\n]"
> 2004/08/31 13:46:06:601 CDT [DEBUG] header - ->> "Cookie:
> pubcookie_pre_s=cookieVal==[\r][\n]"
> 2004/08/31 13:46:06:601 CDT [DEBUG] header - ->> "Cookie:
> pubcookie_g=cookieVal==[\r][\n]"
> 2004/08/31 13:46:06:679 CDT [DEBUG] header - ->> "[\r][\n]"
> 2004/08/31 13:46:06:820 CDT [DEBUG] header - -<< "HTTP/1.1 200
> OK[\r][\n]"
> 2004/08/31 13:46:06:820 CDT [DEBUG] header - -<< "Date: Tue, 31 Aug 2004
> 18:46:12 GMT[\r][\n]"
> 2004/08/31 13:46:06:820 CDT [DEBUG] header - -<< "Set-Cookie:
> pubcookie_pre_s=cookieVal==; path=/; secure[\r][\n]"
> 2004/08/31 13:46:06:820 CDT [DEBUG] header - -<< "Set-Cookie:
> pubcookie_g_req=cookieVal; domain=.x.x; path=/; secure[\r][\n]"
> 2004/08/31 13:46:06:820 CDT [DEBUG] header - -<< "Expires: Tue, 31 Aug
> 2004 18:46:12 GMT[\r][\n]"
> 2004/08/31 13:46:06:820 CDT [DEBUG] header - -<< "Cache-Control:
> no-store, no-cache, must-revalidate[\r][\n]"
> 2004/08/31 13:46:06:820 CDT [DEBUG] header - -<< "Pragma:
> no-cache[\r][\n]"
> 2004/08/31 13:46:06:820 CDT [DEBUG] header - -<< "Transfer-Encoding:
> chunked[\r][\n]"
> 2004/08/31 13:46:06:820 CDT [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2004/08/31 13:46:06:820 CDT [DEBUG] HttpMethodBase - -Cookie accepted:
> "pubcookie_pre_s=cookieVal=="
> 2004/08/31 13:46:06:820 CDT [DEBUG] HttpMethodBase - -Cookie accepted:
> "pubcookie_g_req=cookieVal"
> 2004/08/31 13:46:06:820 CDT [DEBUG] HttpConnection -
> -HttpConnection.getSoTimeout()
> 2004/08/31 13:46:06:820 CDT [DEBUG] HttpMethodBase - -Buffering response
> body
> 2004/08/31 13:46:06:820 CDT [DEBUG] HttpMethodBase - -Resorting to
> protocol version default close connection policy
> 2004/08/31 13:46:06:820 CDT [DEBUG] HttpMethodBase - -Should NOT close
> connection, using HTTP/1.1.
> 2004/08/31 13:46:06:820 CDT [DEBUG] HttpMethodBase - -Default charset
> used: ISO-8859-1
> 
> Status: HTTP/1.1 200 OK
> getOutput:<meta HTTP-EQUIV="Refresh"
> CONTENT="0;URL=https://host1/loginPage.htm">
> 
> *****END:GetMethod****
> 
> 
> -----Original Message-----
> From: Ken Hall [mailto:ken.hall@reehergroup.com] 
> Sent: Tuesday, August 31, 2004 11:51 AM
> To: commons-httpclient-dev@jakarta.apache.org
> Subject: Multiple Host Redirect
> 
> If anyone could give me some help with this, I would greatly appreciate
> it. I am having difficulty after successfully logging in to get the
> redirected page and it appears that my issue lies with multiple hosts.
> HTTPS does not seem to be the issue.
> 
>  
> 
> My procedure goes like this.
> 
>  
> 
> 1) Post to page with the correct credentials. 
> 
>  
> 
> 
> 
> ***********
> 
>         PostMethod authpost = new PostMethod("https://host1/url");
> 
>         authpost.setRequestBody(data);
> 
>         
> 
>         try {
> 
>             client.executeMethod(authpost);
> 
>         } catch (HttpException httpe) {
> 
>                                     System.err.print("HttpException.");
> 
>  
> System.err.println(httpe.getMessage()); 
> 
>                                     httpe.printStackTrace(); 
> 
>         } catch (IOException ioe) {
> 
>                                     System.err.print("IOException.");
> 
>  
> System.err.println(ioe.getMessage()); 
> 
>                                     ioe.printStackTrace();
> 
> 
>         }
> 
>        
> 
>         // release any connection resources used by the method
> 
>         authpost.releaseConnection();
> 
> ***********
> 
>  
> 
> 2) Two additional cookies are placed in the request header. It tells me
> I am logged in and I am returned a meta tag refresh in the response
> body. 
> 
>  
> 
> ***********
> 
>     <meta http-equiv="Refresh" content="0;URL=https://host2/url">
> 
>     You should be automatically redirected back to your original page.
> 
>     If you are not automatically redirected, please click <a
> href="https://host2/url">here</a>    
> 
> ***********
> 
>  
> 
> 
> 
> 3) Upon using the GetMethod to go directly to this page which is on a
> different host, I am referred back to the login page. 
> 
>  
> 
> ***********
> 
>             authget = new GetMethod("https://host2/url");
> 
>  
> 
>             try {
> 
>                         client.executeMethod(authget);
> 
>             } catch (HttpException httpe) {
> 
>                         System.err.print("HttpException.");
> 
>                         System.err.println(httpe.getMessage()); 
> 
>                         httpe.printStackTrace(); 
> 
>             } catch (IOException ioe) {
> 
>                         System.err.print("IOException.");
> 
>                         System.err.println(ioe.getMessage()); 
> 
>                         ioe.printStackTrace();               
> 
>             }
> 
>  
> 
>             responseBody = authget.getResponseBodyAsString();
> 
>             authget.releaseConnection();
> 
> ************
> 
>  
> 
> Is their something I am missing or is there a better way to debug this?
> 
>  
> 
> Thanks.
> 
>  
> 
> -Ken Hall
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message