hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Issue With HttpClient Session Handling
Date Wed, 08 Dec 2004 12:40:17 GMT
Manish,

> 6) The issue is with the httpsession which is getting lost.
> Meaning if the login servlet had something like
> req.getSession(true).setAttribute("attrrib","test")

Please note that it is not HttpClient that loses the session cookie but
your web application. It is responsibility of your web application to
maintain the session with the web client. HttpClient is in its turn
responsible for maintaining the conversational state with the target
host (http://www.hotmail.com/login in your example)

We generally STRONGLY discourage the direct use of HttpConnection
objects. Please see the HttpClient tutorial for details on the
recommended use patterns

http://jakarta.apache.org/commons/httpclient/tutorial.html

Hope this helps

Oleg




On Wed, Dec 08, 2004 at 04:14:28PM +0530, Manish Moorjani wrote:
> Hi All,
> 
> Sorry for not giving exact details 
> Here are they
> 
> 1) I have a requirement to login from a client using a given
> userid-password to a server, where my application is sitting in
> between,lets say the server application is http://www.hotmail.com/login
> 
> The flow is like
> 
> Client Browser ---> My Application(HttpClient) --> Application
> Server(hotmail application)
> 
> 2) So what I do is make a POST call on http://www.hotmail.com/login
> 
> 3) If the userid and password are correct http://www.hotmail.com/login
>  always gives a response like this
> <html><head></script>window.open('home','_top')</script></head></html>
> 
> 4) I get the response and throw it to the client browser
> AS the browser interprets the response, it will redirect to the url
> 'home'.
> 
> 5) I also get cookies from the httpMethod I obtain the response headers
> I dump them straight away to the response object of the client browser.
> This works fine and the cookies are set
> 
> 6) The issue is with the httpsession which is getting lost.
>     Meaning if the login servlet had something like
> req.getSession(true).setAttribute("attrrib","test")
> 
>  And assume the home servlet tries to fetch it, it gets a null !!!
> 
> I hope I am clear this time :-)
>  the Http Client code is here(as I had posted earlier)
> 
> 
> PostMethod httpMethod = new PostMethod (strRemoteURL);
> httpMethod.addParameter(new NameValuePair("fldUserId",strUserId));
> httpMethod.addParameter(new NameValuePair("fldPassword",strPassword));
>  
> HttpConnection connConnection
> =httpClient.getHttpConnectionManager().getConnection(httpClient.getHostC
> onfiguration());
>  
> iStatusCode=httpMethod.execute(httpClient.getState(),connConnection);
>  
> After the execution is successful, I use the following code to set the
> response headers
> Header[] resHead=httpMethod.getResponseHeaders();
>       for(int i=0;i<resHead.length;i++)
>       {
>             res.addHeader(resHead[i].getName(),resHead[i].getValue());
>  
>       }
> 
> Regards,
> Manish Moorjani
> 
> 
> -----Original Message-----
> From: Roland Weber [mailto:ROLWEBER@de.ibm.com] 
> Sent: Wednesday, December 08, 2004 3:59 PM
> To: HttpClient Project
> Subject: Re: Issue With HttpClient Session Handling
> 
> Hello  Manish,
> 
> could you be a little more specific about your usage of HttpClient?
> Are you using it as a client to connect to a server where your
> servlet is running? Or are you using it from a servlet to connect
> to a backend server? Are you having problems with the client's
> session kept on the server, or with a session of the server which
> is kept on a backend server?
> 
> Your code fragment does not include the part that is most
> important for session handling by HttpClient: which HttpState
> object is used when the method is executed? That is where the
> cookies are stored, and many servers use cookies to track the
> session.
> 
> If you are trying to pass headers from a backend server through
> your application to a client, you will also have problems with
> cookie domains. Assuming three machines in different domains,
> the server.at.the.backend will send a cookie for ".at.the.backend".
> If the same cookie is returned by "server.in.the.middle", clients
> will not accept a cookie for a domain other than ".in.the.middle".
> 
> cheers,
>   Roland
> 
> 
> 
> 
> 
> "Manish Moorjani" <Manish_Moorjani@infosys.com> 
> 08.12.2004 11:11
> Please respond to
> "HttpClient Project"
> 
> 
> To
> <httpclient-dev@jakarta.apache.org>
> cc
> 
> Subject
> Issue With HttpClient Session Handling
> 
> 
> 
> 
> 
> 
> Hi,
>  
> I am using HttpClient for automatic login into an application by calling
> the Post Method.
>  
> PostMethod httpMethod = new PostMethod (strRemoteURL);
> httpMethod.addParameter(new NameValuePair("fldUserId",strUserId));
> httpMethod.addParameter(new NameValuePair("fldPassword",strPassword));
>  
> HttpConnection connConnection
> =httpClient.getHttpConnectionManager().getConnection(httpClient.getHostC
> onfiguration());
>  
> iStatusCode=httpMethod.execute(httpClient.getState(),connConnection);
>  
> After the execution is successful, I use the following code to set the
> response headers
> Header[] resHead=httpMethod.getResponseHeaders();
>       for(int i=0;i<resHead.length;i++)
>       {
>             res.addHeader(resHead[i].getName(),resHead[i].getValue());
>  
>       }
>  
> Where res is HttpServletResponse .
>  
> Everything works fine for me, the cookies get set the browser.
> But I am having the following issues
>  
> The response is like this
>  
> <html><head><script>window.open('test1','_top')</script></head></html>
>  
> In the test1 I have something like
> req.getSession(true).getAttribute(attrb1)
> Which is returning null !!!
>  
> It works fine If I access it directly, any inputs on this ????
>  
>  
>  
>  
>  
> Regards,
> Manish Moorjani
>  
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message