hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: problem with https and cookies based session
Date Thu, 11 Oct 2007 09:33:32 GMT
On Wed, 2007-10-10 at 08:49 -0700, nzaghini wrote:
> I am really sorry my code before was incomplete, and of course it didn't make
> sense, unfortunately is not so easy.. (the get method was wrong too, i
> apologize)
> 
> >HttpClient client = new HttpClient();
> > client.getParams().setParameter(HttpMethodParams.USER_AGENT,
> >         " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7)
> > Gecko/20070914 Firefox/2.0.0.7");
> > 
> > Protocol easyhttps = new Protocol("https", new
> > EasySSLProtocolSocketFactory(), 443);
> > Protocol.registerProtocol("https", easyhttps);
> > 
> 
> GetMethod method = new GetMethod("https://nicola:8443/ssp/");
> 
> > method.setDoAuthentication(true); // tryed with and without
> > 
> > HttpState state = new HttpState();
> 
> int statusCode = client.executeMethod(client.getHostConfiguration(), method,
> state);
> String responseBody = method.getResponseBodyAsString();
> 
> 
> statusCode = client.executeMethod(client.getHostConfiguration(), method,
> state);
> responseBody = method.getResponseBodyAsString();
> 
> 
> statusCode = client.executeMethod(client.getHostConfiguration(), method,
> state);
> responseBody = method.getResponseBodyAsString();
> 
> 
> I think this code should be fine to let my session go ahead, but putting
> break-point among invocations i can clearly see the content (session id) of
> the state object change after every invocation, and this makes my counter
> service on https://nicola:8443/ssp/ answer with the number 0 every
> invocation.
> 
> Of course the behavior change if i use http://nicola:8080/ssp/ as target
> page, it means that the result is 0, 1, 2 and the state object shows a
> session id never changing.
> 
> Thanks for your help.
> nicola
> 
> 

Nicola

Aha! The _session ID_ always changes, not the HttpState instance.

Please post two wire/context logs (one for a plain connection and
another one for https)

http://jakarta.apache.org/httpcomponents/httpclient-3.x/logging.html

Oleg

> 
> 
> 
> olegk wrote:
> > 
> > On Wed, 2007-10-10 at 07:57 -0700, nzaghini wrote:
> >> >There is no difference between plain http or https as far as the cookie
> >> >based state management is concerned. 
> >> 
> >> I am completely agree with you, but the result of my invocations seems to
> >> be
> >> different from the normal/logic/expected behavior..
> >> 
> >> >Why does it always change?
> >> 
> >> This is the question, i can't figure out why it change all the time.
> >> To let you better understand the situation i paste here my entire code,
> >> because maybe the problem is so macroscopic that i can't see it being too
> >> close..
> >> 
> >> I forgot to tell you that using the basic https support everithing works
> >> fine, but i need to work even with self-signed servers, and this is the
> >> solution suggested by HttpClient Jakarta site.
> >> 
> >> HttpClient client = new HttpClient();
> >> client.getParams().setParameter(HttpMethodParams.USER_AGENT,
> >>         " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7)
> >> Gecko/20070914 Firefox/2.0.0.7");
> >> 
> >> Protocol easyhttps = new Protocol("https", new
> >> EasySSLProtocolSocketFactory(), 443);
> >> Protocol.registerProtocol("https", easyhttps);
> >> 
> >> GetMethod method = new GetMethod("http://nicola:8080/ssp/");
> >> method.setDoAuthentication(true); // tryed with and without
> >> 
> > =====================================
> >> HttpState state = new HttpState();
> >> 
> >> client.setState(state); 
> > ====================================
> > Nicola,
> > 
> > You are creating a new instance of HttpState for _each_ request thus
> > effectively discarding all cookies stored previously. No wonder sessions
> > do not 'stick'.
> > 
> > Oleg
> > 
> > 
> >> // tryed with and without
> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> method,
> >> null); //tryed with state instead of null
> >> 
> >> Thanks!
> >> nicola
> >> 
> >> 
> >> olegk wrote:
> >> > 
> >> > On Mon, 2007-10-08 at 07:05 -0700, nzaghini wrote:
> >> >> Hi,
> >> >> i have a problem with https and cookies based sessioning system.
> >> > 
> >> > There is no difference between plain http or https as far as the cookie
> >> > based state management is concerned.  
> >> > 
> >> >> I've just added the following line of code to my component exploiting
> >> >> httpclient
> >> >> 
> >> >>     Protocol easyhttps = new Protocol("https",
> >> >> EasySSLProtocolSocketFactory(), 443);
> >> >>     Protocol.registerProtocol("https", easyhttps);
> >> >> 
> >> >> All the classes used here comes from the httpclient home site.
> >> >> 
> >> >> What i need, and it works fine without ssl, is to make several request
> >> >> with
> >> >> the same HttpState obejct to let the session go ahead..
> >> >> 
> >> >> So, while i try to invoke the executeMethod several times like this:
> >> >> 
> >> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> >> method,
> >> >> state);
> >> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> >> method,
> >> >> state);
> >> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> >> method,
> >> >> state);
> >> >> 
> >> >> the state obect (instance of HttpState class)  always chage, 
> >> > 
> >> > Why does it always change?
> >> > 
> >> > Oleg
> >> > 
> >> >> so i cannot go
> >> >> ahead in the application session and all the time i'm in the same
> >> >> situation.
> >> >> 
> >> >> Thanks million for your help!
> >> >> nicola
> >> > 
> >> > 
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> >> > For additional commands, e-mail:
> >> httpclient-user-help@jakarta.apache.org
> >> > 
> >> > 
> >> > 
> >> 
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > 
> > 
> > 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message