hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "leung cc" <dksle...@hotmail.com>
Subject can I NOT have the cookie please
Date Tue, 08 Aug 2006 09:41:17 GMT
This is actually a problem that arised after I went about solving my applet 
+ commons-httpclient -> https + client cert problem taking advice from Oleg 
and others here. Well, I customized Oleg's AuthSSLProtocolSocketFactory and 
succeeded in making a connection to the servlet in my applet. But it 
appearedthat httpclient was sending a cookie of unknown origin to the 
servlet and that caused the servlet to not recognize the session which the 
applet was supposed to be part of. So I changed to method to Get (was using 
Post) and tried to advise the servlet of the correction session by adding 
"JSESSIONID=..." to the URL. I thought setting the cookie policy would have 
stopped httpclient from sending any cookies but I was wrong and so I added 
the setRequestHeader() call too (right, was shooting in the dark) but that 
didn't seem to improve it.

GetMethod rqst = new GetMethod( "ccs" + Constants.APP_HOME_URL_PFX +
         "/GiveLotOrCPCInfoAlt.jsp?JSESSIONID=" + this.httpSessId +
         "&qkt=" + qryKeyType +
         "&qk=" + URLEncoder.encode( psLotNum ) +
         "&ak=" + URLEncoder.encode( acsKey ) );

      rqst.getParams().setCookiePolicy( CookiePolicy.IGNORE_COOKIES );
      rqst.setRequestHeader( "Set-Cookie",
                             "JSESSIONID=" + this.httpSessId +
                             "; Path=/whatever; Secure" );  // HC

Now, my questions are:

1. My servlet side is arranged with apache in the forefront and tomcat at 
the back, so maybe tomcat isn't seeing the jsessionid info and I should 
tell Apache rather than tomcat what the session I want?  If this isn't 
clear, let me say this: in my case apache is our webserver which is 
listening for both http and https requests and tomcat only runs the jsp 
programs - although tomcat can serve as a webserver, we are NOT using that 
functionality of its.

Now, how does one tell apache the session id on the URL (not cookie)?

2. What's the "Set-Cookie" header?  How is it different from the "Cookie" 
header?

3. Httpclient is sending a cookie that contained the desired session id to 
the server, where did it get the idea of the session id from? The webpage 
where my applet is contained has a different session id, which I tried 
totell the servlet with the "jsessionid=..." parameter to the URL.

And I wonder if any authors/contributors of httpclient can be bothered to 
look into the possibility of smoothly deploying httpclient in an applet - 
you know, where the user (ok, us programmers) don't have to worry about 
session, certs and things like that.  I can't see Oleg being interested 
because he told me he'd avoid applets, too bad. :(

Below is the rather long winded log I copied off my java console (edited a 
littleto protect my employer's interest), enjoy (er, sorry)... 

2006/08/08 17:04:13:770 CST [DEBUG] HttpClient - Java version: 1.5.0_04
2006/08/08 17:04:13:770 CST [DEBUG] HttpClient - Java vendor: Sun 
Microsystems Inc.
2006/08/08 17:04:13:930 CST [DEBUG] DefaultHttpParams - Set parameter 
http.useragent = Jakarta Commons-HttpClient/3.0.1
2006/08/08 17:04:13:990 CST [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.version = HTTP/1.1
2006/08/08 17:04:14:100 CST [DEBUG] DefaultHttpParams - Set parameter 
http.connection-manager.class = class 
org.apache.commons.httpclient.SimpleHttpConnectionManager
2006/08/08 17:04:14:100 CST [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.cookie-policy = rfc2109
2006/08/08 17:04:14:100 CST [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.element-charset = US-ASCII
2006/08/08 17:04:14:100 CST [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.content-charset = ISO-8859-1
2006/08/08 17:04:14:150 CST [DEBUG] DefaultHttpParams - Set parameter 
http.method.retry-handler = 
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@1f9e31e
2006/08/08 17:04:14:150 CST [DEBUG] DefaultHttpParams - Set parameter 
http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy 
HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE, 
dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss 
z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy 
HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z, 
EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
2006/08/08 17:04:14:260 CST [DEBUG] DefaultHttpParams - Set parameter 
http.socket.timeout = 60000
2006/08/08 17:04:14:260 CST [DEBUG] DefaultHttpParams - Set parameter 
http.connection.timeout = 30000
2006/08/08 17:04:14:760 CST [TRACE] GetMethod - enter GetMethod(String)
2006/08/08 17:04:14:760 CST [DEBUG] DefaultHttpParams - Set parameter 
http.protocol.cookie-policy = ignoreCookies
2006/08/08 17:04:14:760 CST [TRACE] HttpClient - enter 
HttpClient.executeMethod(HttpMethod)
2006/08/08 17:04:14:760 CST [TRACE] HttpClient - enter 
HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
2006/08/08 17:04:15:360 CST [TRACE] HttpMethodDirector - Attempt number 1 
to process request
2006/08/08 17:04:15:360 CST [TRACE] HttpConnection - enter 
HttpConnection.open()
2006/08/08 17:04:15:360 CST [DEBUG] HttpConnection - Open connection to 
www.blahblah.com.hk:443
2006/08/08 17:04:15:360 CST [DEBUG] CCSAuthSSLProtocolSocketFactory - 
Initializing key store
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory - 
Keystore init done
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory - 
Certificate chain '1':
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -  
Certificate 1:
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -   
Subject DN: <details removed for security>
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -   
Signature Algorithm: MD5withRSA
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -   
Valid from: Tue Oct 21 13:08:33 CST 2003
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -   
Valid until: Wed Oct 19 13:08:33 CST 2011
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -   
Issuer: <details removed to protect the innocent>
2006/08/08 17:04:15:420 CST [DEBUG] CCSAuthSSLProtocolSocketFactory - 
Initializing key manager
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory - 
Initializing key store
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory - 
Keystore init done
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory - 
Trusted certificate 'mykey':
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -   
Subject DN: <details removed for security>
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -   
Signature Algorithm: MD5withRSA
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -   
Valid from: Mon Sep 16 09:23:26 CST 2002
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -   
Valid until: Thu Sep 13 09:23:26 CST 2012
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory -   
Issuer: <details removed>
2006/08/08 17:04:15:470 CST [DEBUG] CCSAuthSSLProtocolSocketFactory - 
Initializing trust manager
2006/08/08 17:04:15:740 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.execute(HttpState, HttpConnection)
2006/08/08 17:04:15:740 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.writeRequest(HttpState, HttpConnection)
2006/08/08 17:04:15:740 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.writeRequestLine(HttpState, HttpConnection)
2006/08/08 17:04:15:740 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.generateRequestLine(HttpConnection, String, String, String, 
String)
2006/08/08 17:04:15:960 CST [DEBUG] header - >> "GET 
/whatever/GiveLotOrCPCInfoAlt.jsp?JSESSIONID=39570AD89DD8BB6E781F68675787218E&qkt=lot

&qk=339570&ak=a53d6754dc96b3f0f9cfc795e9778169 HTTP/1.1[\r][\n]"
2006/08/08 17:04:15:960 CST [TRACE] HttpConnection - enter 
HttpConnection.print(String)
2006/08/08 17:04:15:960 CST [TRACE] HttpConnection - enter 
HttpConnection.write(byte[])
2006/08/08 17:04:15:960 CST [TRACE] HttpConnection - enter 
HttpConnection.write(byte[], int, int)
2006/08/08 17:04:15:960 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.writeRequestHeaders(HttpState,HttpConnection)
2006/08/08 17:04:15:960 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.addRequestHeaders(HttpState, HttpConnection)
2006/08/08 17:04:15:960 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.addUserAgentRequestHeaders(HttpState, HttpConnection)
2006/08/08 17:04:15:960 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.addHostRequestHeader(HttpState, HttpConnection)
2006/08/08 17:04:15:960 CST [DEBUG] HttpMethodBase - Adding Host request 
header
2006/08/08 17:04:15:960 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.addCookieRequestHeader(HttpState, HttpConnection)
2006/08/08 17:04:16:240 CST [TRACE] HttpState - enter 
HttpState.getCookies()
2006/08/08 17:04:16:240 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.addProxyConnectionHeader(HttpState, HttpConnection)
2006/08/08 17:04:16:240 CST [DEBUG] header - >> "Set-Cookie: 
JSESSIONID=39570AD89DD8BB6E781F68675787218E; Path=/whatever; 
Secure[\r][\n]"
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.print(String)
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.write(byte[])
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.write(byte[], int, int)
2006/08/08 17:04:16:240 CST [DEBUG] header - >> "User-Agent: Jakarta 
Commons-HttpClient/3.0.1[\r][\n]"
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.print(String)
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.write(byte[])
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.write(byte[], int, int)
2006/08/08 17:04:16:240 CST [DEBUG] header - >> "Host: 
www.blahblah.com.hk[\r][\n]"
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.print(String)
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.write(byte[])
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.write(byte[], int, int)
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.writeLine()
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.write(byte[])
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.write(byte[], int, int)
2006/08/08 17:04:16:240 CST [DEBUG] header - >> "[\r][\n]"
2006/08/08 17:04:16:240 CST [TRACE] HttpConnection - enter 
HttpConnection.flushRequestOutputStream()
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -  Server 
certificate 1:
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -   Subject DN: 
<details remove>
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -   Signature 
Algorithm: MD5withRSA
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -   Valid from: 
Thu Sep 05 12:28:08 CST 2002
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -   Valid until: 
Sun Sep 02 12:28:08 CST 2012
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -   Issuer: 
<details removed>
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -  Server 
certificate 2:
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -   Subject DN: 
<actual details remove>
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -   Signature 
Algorithm: MD5withRSA
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -   Valid from: 
Mon Sep 16 09:23:26 CST 2002
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -   Valid until: 
Thu Sep 13 09:23:26 CST 2012
2006/08/08 17:04:16:240 CST [INFO] AuthSSLX509TrustManager -   Issuer: 
<actual details removed>
2006/08/08 17:04:16:400 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.readResponse(HttpState, HttpConnection)
2006/08/08 17:04:16:400 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.readStatusLine(HttpState, HttpConnection)
2006/08/08 17:04:16:400 CST [TRACE] HttpConnection - enter 
HttpConnection.readLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2006/08/08 17:04:16:510 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.readResponseHeaders(HttpState,HttpConnection)
2006/08/08 17:04:16:510 CST [TRACE] HttpConnection - enter 
HttpConnection.getResponseInputStream()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HeaderParser.parseHeaders(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readLine(InputStream, String)
2006/08/08 17:04:16:510 CST [TRACE] HttpParser - enter 
HttpParser.readRawLine()
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Date: Tue, 08 Aug 2006 
09:14:46 GMT[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Server: Apache/2.0.40 (Red 
Hat Linux)[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Set-Cookie: 
JSESSIONID=C66251A65E8B28B254CAA1B3CC2D23D6; Path=/whatever; 
Secure[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Content-Length: 
17[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Connection: close[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "Content-Type: 
text/plain;charset=Big5-HKSCS[\r][\n]"
2006/08/08 17:04:16:510 CST [DEBUG] header - << "X-Pad: avoid browser 
bug[\r][\n]"
2006/08/08 17:04:16:510 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.processResponseHeaders(HttpState, HttpConnection)
2006/08/08 17:04:16:510 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.readResponseBody(HttpState, HttpConnection)
2006/08/08 17:04:16:510 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.readResponseBody(HttpConnection)
2006/08/08 17:04:16:510 CST [TRACE] HttpConnection - enter 
HttpConnection.getResponseInputStream()
2006/08/08 17:04:16:510 CST [TRACE] HttpMethodBase - enter 
HttpMethodBase.canResponseHaveBody(int)
2006/08/08 17:04:16:510 CST [DEBUG] content - << "<!access denied>[\n]"
Rsp: [<!access denied>]
2006/08/08 17:04:16:620 CST [DEBUG] HttpMethodBase - Should close 
connection in response to directive: close
2006/08/08 17:04:16:620 CST [TRACE] HttpConnection - enter 
HttpConnection.close()
2006/08/08 17:04:16:620 CST [TRACE] HttpConnection - enter 
HttpConnection.closeSockedAndStreams()
2006/08/08 17:04:16:620 CST [TRACE] HttpConnection - enter 
HttpConnection.releaseConnection()
2006/08/08 17:04:16:620 CST [DEBUG] HttpConnection - Releasing connection 
back to connection manager.



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message