Return-Path: Delivered-To: apmail-jakarta-httpclient-dev-archive@www.apache.org Received: (qmail 99687 invoked from network); 8 Dec 2004 12:40:40 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 8 Dec 2004 12:40:40 -0000 Received: (qmail 59775 invoked by uid 500); 8 Dec 2004 12:40:23 -0000 Delivered-To: apmail-jakarta-httpclient-dev-archive@jakarta.apache.org Received: (qmail 59698 invoked by uid 500); 8 Dec 2004 12:40:21 -0000 Mailing-List: contact httpclient-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "HttpClient Project" Reply-To: "HttpClient Project" Delivered-To: mailing list httpclient-dev@jakarta.apache.org Received: (qmail 59608 invoked by uid 99); 8 Dec 2004 12:40:17 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (hermes.apache.org: local policy) Received: from mail13.bluewin.ch (HELO mail13.bluewin.ch) (195.186.18.62) by apache.org (qpsmtpd/0.28) with ESMTP; Wed, 08 Dec 2004 04:40:14 -0800 Received: from xbox.localdomain (62.202.82.97) by mail13.bluewin.ch (Bluewin AG 7.0.032) id 41B452F10002C4CC for httpclient-dev@jakarta.apache.org; Wed, 8 Dec 2004 12:40:09 +0000 Received: by xbox.localdomain (Postfix, from userid 1000) id BA336B6ECB; Wed, 8 Dec 2004 13:40:17 +0100 (CET) Date: Wed, 8 Dec 2004 13:40:17 +0100 From: Oleg Kalnichevski To: HttpClient Project Subject: Re: Issue With HttpClient Session Handling Message-ID: <20041208124017.GA17310@xbox.localdomain> Mail-Followup-To: HttpClient Project References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Manish, > 6) The issue is with the httpsession which is getting lost. > Meaning if the login servlet had something like > req.getSession(true).setAttribute("attrrib","test") Please note that it is not HttpClient that loses the session cookie but your web application. It is responsibility of your web application to maintain the session with the web client. HttpClient is in its turn responsible for maintaining the conversational state with the target host (http://www.hotmail.com/login in your example) We generally STRONGLY discourage the direct use of HttpConnection objects. Please see the HttpClient tutorial for details on the recommended use patterns http://jakarta.apache.org/commons/httpclient/tutorial.html Hope this helps Oleg On Wed, Dec 08, 2004 at 04:14:28PM +0530, Manish Moorjani wrote: > Hi All, > > Sorry for not giving exact details > Here are they > > 1) I have a requirement to login from a client using a given > userid-password to a server, where my application is sitting in > between,lets say the server application is http://www.hotmail.com/login > > The flow is like > > Client Browser ---> My Application(HttpClient) --> Application > Server(hotmail application) > > 2) So what I do is make a POST call on http://www.hotmail.com/login > > 3) If the userid and password are correct http://www.hotmail.com/login > always gives a response like this > window.open('home','_top') > > 4) I get the response and throw it to the client browser > AS the browser interprets the response, it will redirect to the url > 'home'. > > 5) I also get cookies from the httpMethod I obtain the response headers > I dump them straight away to the response object of the client browser. > This works fine and the cookies are set > > 6) The issue is with the httpsession which is getting lost. > Meaning if the login servlet had something like > req.getSession(true).setAttribute("attrrib","test") > > And assume the home servlet tries to fetch it, it gets a null !!! > > I hope I am clear this time :-) > the Http Client code is here(as I had posted earlier) > > > PostMethod httpMethod = new PostMethod (strRemoteURL); > httpMethod.addParameter(new NameValuePair("fldUserId",strUserId)); > httpMethod.addParameter(new NameValuePair("fldPassword",strPassword)); > > HttpConnection connConnection > =httpClient.getHttpConnectionManager().getConnection(httpClient.getHostC > onfiguration()); > > iStatusCode=httpMethod.execute(httpClient.getState(),connConnection); > > After the execution is successful, I use the following code to set the > response headers > Header[] resHead=httpMethod.getResponseHeaders(); > for(int i=0;i { > res.addHeader(resHead[i].getName(),resHead[i].getValue()); > > } > > Regards, > Manish Moorjani > > > -----Original Message----- > From: Roland Weber [mailto:ROLWEBER@de.ibm.com] > Sent: Wednesday, December 08, 2004 3:59 PM > To: HttpClient Project > Subject: Re: Issue With HttpClient Session Handling > > Hello Manish, > > could you be a little more specific about your usage of HttpClient? > Are you using it as a client to connect to a server where your > servlet is running? Or are you using it from a servlet to connect > to a backend server? Are you having problems with the client's > session kept on the server, or with a session of the server which > is kept on a backend server? > > Your code fragment does not include the part that is most > important for session handling by HttpClient: which HttpState > object is used when the method is executed? That is where the > cookies are stored, and many servers use cookies to track the > session. > > If you are trying to pass headers from a backend server through > your application to a client, you will also have problems with > cookie domains. Assuming three machines in different domains, > the server.at.the.backend will send a cookie for ".at.the.backend". > If the same cookie is returned by "server.in.the.middle", clients > will not accept a cookie for a domain other than ".in.the.middle". > > cheers, > Roland > > > > > > "Manish Moorjani" > 08.12.2004 11:11 > Please respond to > "HttpClient Project" > > > To > > cc > > Subject > Issue With HttpClient Session Handling > > > > > > > Hi, > > I am using HttpClient for automatic login into an application by calling > the Post Method. > > PostMethod httpMethod = new PostMethod (strRemoteURL); > httpMethod.addParameter(new NameValuePair("fldUserId",strUserId)); > httpMethod.addParameter(new NameValuePair("fldPassword",strPassword)); > > HttpConnection connConnection > =httpClient.getHttpConnectionManager().getConnection(httpClient.getHostC > onfiguration()); > > iStatusCode=httpMethod.execute(httpClient.getState(),connConnection); > > After the execution is successful, I use the following code to set the > response headers > Header[] resHead=httpMethod.getResponseHeaders(); > for(int i=0;i { > res.addHeader(resHead[i].getName(),resHead[i].getValue()); > > } > > Where res is HttpServletResponse . > > Everything works fine for me, the cookies get set the browser. > But I am having the following issues > > The response is like this > > > > In the test1 I have something like > req.getSession(true).getAttribute(attrb1) > Which is returning null !!! > > It works fine If I access it directly, any inputs on this ???? > > > > > > Regards, > Manish Moorjani > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org > For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org